From owner-freebsd-security  Fri Mar 16  8:39:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mars.entic.net (mars.entic.net [63.125.62.132])
	by hub.freebsd.org (Postfix) with ESMTP id 0B09637B718
	for <freebsd-security@freebsd.org>; Fri, 16 Mar 2001 08:39:11 -0800 (PST)
	(envelope-from aj@entic.net)
Received: (qmail 18072 invoked by uid 100); 16 Mar 2001 16:39:07 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 16 Mar 2001 16:39:07 -0000
Date: Fri, 16 Mar 2001 08:39:07 -0800 (PST)
From: Anil Jangity <aj@entic.net>
To: <freebsd-security@freebsd.org>
Subject: Re: Multiple vendors FTP denial of service
In-Reply-To: <20010315215913.A70990@mollari.cthul.hu>
Message-ID: <Pine.BSF.4.33.0103160832130.17245-100000@mars.entic.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kris/All,

FTPD is run as root (atleast on my machine). I don't want to limit root
resources, since I am not sure exactly what a good ball park figure for
root would be...

I looked in ftpd(8) for some way to make it run as another user (atleast
after it starts up) but no luck.

So, my question is, how do you propose we resource limit ftpd as you
suggest via login.conf?

Thanks

Anil

@ I'm pretty sure (but haven't tested) that resource limits will prevent
@ this problem.  Your ftpd shouldn't be using large amount of memory
@ under normal operating procedures, so you can set those to reasonable
@ values and not suffer any ill effects.
@
@ Kris
@



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message