Date: Fri, 16 Mar 2001 20:28:37 +0200
From: Peter Pentchev <roam@orbitel.bg>
To: Anil Jangity <aj@entic.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Multiple vendors FTP denial of service
Message-ID: <20010316202837.C428@ringworld.oblivion.bg>
In-Reply-To: <Pine.BSF.4.33.0103160832130.17245-100000@mars.entic.net>; from aj@entic.net on Fri, Mar 16, 2001 at 08:39:07AM -0800
References: <20010315215913.A70990@mollari.cthul.hu> <Pine.BSF.4.33.0103160832130.17245-100000@mars.entic.net>

On Fri, Mar 16, 2001 at 08:39:07AM -0800, Anil Jangity wrote:
> Kris/All,
>
> FTPD is run as root (at least on my machine). I don't want to limit root
> resources, since I am not sure exactly what a good ball park figure for
> root would be...
>
> I looked in ftpd(8) for some way to make it run as another user (at least
> after it starts up) but no luck.
>
> So, my question is, how do you propose we resource limit ftpd as you
> suggest via login.conf?

It might not be easy to do this via login.conf; if you are running
your ftpd via inetd, though, you can use /usr/bin/limits to do that:

ftp stream tcp nowait root /usr/bin/limits ftpd -d10K /usr/libexec/ftpd -l

..or you could make an ftpd wrapper:

#!/bin/sh
ulimit -d 10240
exec /usr/libexec/ftpd -l

Having said that, I, too, haven't tested whether setting resource limits
eliminates the original problem.

G'luck,
Peter

-- 
The rest of this sentence is written in Thailand, on

> @ I'm pretty sure (but haven't tested) that resource limits will prevent
> @ this problem. Your ftpd shouldn't be using large amount of memory
> @ under normal operating procedures, so you can set those to reasonable
> @ values and not suffer any ill effects.
> @
> @ Kris
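
A way to check the wrapper approach from the message above before putting it in front of a daemon. This is an added example, not part of the original e-mail: the helper names run_limited and child_limit are hypothetical, and the 10240 KB value is simply the one used in the wrapper above. Unlike the three-line wrapper, it refuses to start the command if the limit could not be applied.

```shell
#!/bin/sh
# Added example, not code from the original message.

# run_limited KBYTES CMD [ARGS...]
# Run CMD with its data-segment size capped at KBYTES kilobytes.
# The subshell keeps the limit from leaking into the calling shell.
run_limited() {
    kbytes=$1
    shift
    (
        # Fail closed: if the limit cannot be set (bad value, or above
        # the current hard limit), do not exec the command unlimited.
        ulimit -d "$kbytes" || exit 125
        # exec replaces the subshell, so CMD inherits the limit directly,
        # just as ftpd would when started from the wrapper script.
        exec "$@"
    )
}

# child_limit KBYTES
# Print the data-size limit (in KB) that a freshly exec'd child observes.
# The child here is a plain sh standing in for the daemon.
child_limit() {
    run_limited "$1" sh -c 'ulimit -d'
}
```

To use it as the inetd wrapper, the script body would end with a call such as `run_limited 10240 /usr/libexec/ftpd -l`; as in the message, whether this limit stops the reported denial of service still has to be tested.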