From owner-freebsd-bugs  Thu Aug  5 22: 7:58 1999
Delivered-To: freebsd-bugs@freebsd.org
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1])
	by hub.freebsd.org (Postfix) with ESMTP id BFEC814E7B
	for <freebsd-bugs@freebsd.org>; Thu,  5 Aug 1999 22:07:55 -0700 (PDT)
	(envelope-from mike@sentex.net)
Received: from ospf-wat.sentex.net (ospf-wat.sentex.net [209.167.248.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id BAA26842; Fri, 6 Aug 1999 01:07:04 -0400 (EDT)
From: mike@sentex.net (Mike Tancsa)
To: worthope@public.bta.net.cn (leijun)
Cc: freebsd-bugs@freebsd.org
Subject: Re: about user's crash freebsd system, help me!
Date: Fri, 06 Aug 1999 05:19:25 GMT
Message-ID: <37aa6bfb.148688222@mail.sentex.net>
References: <MAIL37AA414B.C12AB762@public.bta.net.cn>
In-Reply-To: <MAIL37AA414B.C12AB762@public.bta.net.cn>
X-Mailer: Forte Agent .99e/32.227
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 5 Aug 1999 22:06:51 -0400, in sentex.lists.freebsd.misc you wrote:

>Hi ,
>
>  I am leiyin , a software engineer in china. I just want to migrate
>from linux world to freebsd  world. However , our new freebsd 3.1 system
>can be crashed down by any
>user who just create such a small program which I call it crashme.
>
>   The program source is very simple:

Hi, this is more a post that belongs in questions@freebsd.org, not bugs.


Have a look in /etc/login.conf

Create a class like the following

saftey:\
        :cputime=infinity:\
        :datasize-cur=8M:\
        :datasize-max=8M:\
        :stacksize-cur=4M:\
        :stacksize-max=4M:\
        :memorylocked-cur=10M:\
        :memorylocked-max=10M:\
        :memoryuse-cur=10M:\
        :memoryuse-max=10M:\
        :filesize=infinity:\
        :coredumpsize=infinity:\
        :maxproc-cur=9:\
        :maxproc-max=9:\
        :openfiles-cur=64:\
        :openfiles-max=64:\
        :priority=0:\
        :requirehome@:\
        :umask=022:\
        :tc=auth-defaults:

Then issue the command
cap_mkdb /etc/login.conf

Then, do a chfn username

e.g.
Changing user database information for testguy.
Login: testguy
Password: $1$N7.XXX2a/apXXXWXXXAXXXjGXXX1
Uid [#]: 1288
Gid [# or name]: 118
Change [month day year]:
Expire [month day year]: January 1, 1999
Class: saftey
Home directory: /u7/home/testguy
Shell: /usr/local/bin/tcsh
Full Name: Test Robot
Location:
Office Phone:
Home Phone:
Other information:


Notice on the class line, is the class name saftey.

This will then limit the user from doing fork bombs or eating up all your
RAM.

Note, that you should also upgrade your system to a newer version like 3.2
or better yet, track STABLE.

See the section of the handbook on tracking STABLE with cvsup.

	---Mike
Mike Tancsa  (mdtancsa@sentex.net)		
Sentex Communications Corp,   		
Waterloo, Ontario, Canada
"Who is this 'BSD', and why should we free him?"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message