Date: Fri, 16 Mar 2001 19:34:22 +0100 (CET) From: Paul Herman <pherman@frenchfries.net> To: Anil Jangity <aj@entic.net> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Multiple vendors FTP denial of service Message-ID: <Pine.BSF.4.33.0103161922120.9463-100000@husten.security.at12.de> In-Reply-To: <Pine.BSF.4.33.0103160832130.17245-100000@mars.entic.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 16 Mar 2001, Anil Jangity wrote: > FTPD is run as root (atleast on my machine). I don't want to limit root > resources, since I am not sure exactly what a good ball park figure for > root would be... The resources are set for the user who logged in through ftp. ftpd (root) does a seteuid() to the user and then sets the resource limits. So, unless you login as root over ftp, you just set limits on the user. To bad a setusercontext() call couldn't be easily implimented inside of set[e]uid() (it's in -lutil not -lc). I see too many FreeBSD admins that believe that their proftpds and qmails are protected by the limits set in /etc/login.conf. -Paul. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0103161922120.9463-100000>