From owner-freebsd-chat Mon Sep 2 22:53:53 2002 Delivered-To: freebsd-chat@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5545537B405; Mon, 2 Sep 2002 22:53:41 -0700 (PDT) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1338B43E72; Mon, 2 Sep 2002 22:53:41 -0700 (PDT) (envelope-from bright@elvis.mu.org) Received: by elvis.mu.org (Postfix, from userid 1192) id D21FBAE165; Mon, 2 Sep 2002 22:53:40 -0700 (PDT) Date: Mon, 2 Sep 2002 22:53:40 -0700 From: Alfred Perlstein To: Mike Silbersack Cc: Benjamin Krueger , Ivan Streetovich , chat@freebsd.org, security@freebsd.org Subject: Re: From: Ivan Streetovich, Japan Message-ID: <20020903055340.GF73747@elvis.mu.org> References: <20020902143128.J64882@mail.seattleFenix.net> <20020902190613.V1590-100000@patrocles.silby.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020902190613.V1590-100000@patrocles.silby.com> User-Agent: Mutt/1.4i Sender: owner-freebsd-chat@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * Mike Silbersack [020902 17:06] wrote: > > On Mon, 2 Sep 2002, Benjamin Krueger wrote: > > > Interesting. I recieved a copy on Thursday night PST and forwarded it to phk > > and the security officer in the wee morning hours of Friday... > > > > I've heard rumour that it was culled from an (years) old post on a freebsd > > list. > > > > -- > > Benjamin Krueger > > This is just another local mbuf exhaustion attack. We should probably put > in countermeasures for this one of these days, but it's not all that much > of a serious problem. If you have a shell machine you wish to get your > access revoked on, then by all means go ahead and use this program. I think the 'sbsize' ulimit already protects people from this. I think the problem is that it's not set by default, however I think that's somewhat of a good thing as it makes sure we don't bomb out when someone tries to bench us. Perhaps an additional setting from adduser to set the login class in a more interactive manner should be done, something like: Please select a login class for the user's defaults and limits: 1) user 2) foo 3) daemon ... 1 You have selected login class 'user' which has the following settings: ... ok? (y/n) I might get to it one day, but I'm pretty busy atm. -- -Alfred Perlstein [alfred@freebsd.org] [#bsdcode/efnet/irc.prison.net] 'Instead of asking why a piece of software is using "1970s technology," start asking why software is ignoring 30 years of accumulated wisdom.' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message