From owner-freebsd-security  Fri Mar 16 13: 2:43 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mr200.netcologne.de (mr200.netcologne.de [194.8.194.109])
	by hub.freebsd.org (Postfix) with ESMTP id C8F8C37B718
	for <freebsd-security@FreeBSD.ORG>; Fri, 16 Mar 2001 13:02:40 -0800 (PST)
	(envelope-from pherman@frenchfries.net)
Received: from husten.security.at12.de (dial-213-168-72-106.netcologne.de [213.168.72.106])
	by mr200.netcologne.de (Mirapoint)
	with ESMTP id ACP85460;
	Fri, 16 Mar 2001 22:02:38 +0100 (CET)
Received: from localhost (localhost.security.at12.de [127.0.0.1])
	by husten.security.at12.de (8.11.3/8.11.2) with ESMTP id f2GL2RB49212;
	Fri, 16 Mar 2001 22:02:27 +0100 (CET)
	(envelope-from pherman@frenchfries.net)
Date: Fri, 16 Mar 2001 22:02:27 +0100 (CET)
From: Paul Herman <pherman@frenchfries.net>
To: "ho-sang, yoon" <tsoi@xocah.holywar.net>
Cc: <freebsd-security@FreeBSD.ORG>,
	Kris Kennaway <kris@obsecurity.org>
Subject: Re: Multiple vendors FTP denial of service (fwd)
In-Reply-To: <20010315215913.A70990@mollari.cthul.hu>
Message-ID: <Pine.BSF.4.33.0103162158140.10083-100000@husten.security.at12.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 16 Mar 2001, ho-sang, yoon wrote:

> $ whoami
> ftp
> $ ulimit -a
> [...]
> data seg size           (kbytes, -d)  524288
> stack size              (kbytes, -s)  65536
> core file size      (512-blocks, -c)  102400
> max memory size         (kbytes, -m)  20480
> locked memory           (kbytes, -l)  10240
> [...]
>
> ---top-----------------------------------------------------------------------
>   PID USERNAME PRI NICE  SIZE    RES STATE    TIME   WCPU    CPU COMMAND
>  6379 root      55   0 33360K 33016K RUN      0:40 86.02% 84.67% ftpd
> [cut]
> -----------------------------------------------------------------------------
>
> I don't think that the resourse limit does effect on this matter.
> Or, am I something wrong?

I, too, had thought that "max memory size" (or RLIMIT_RSS) would have
kicked in, but it didn't.  However, what does work is setting the
"datasize"  (RLIMIT_DATA), which will kill ftpd when "SIZE" exceeds
RLIMIT_DATA.

Now I'm wondering about RLIMIT_RSS, i.e. the amount of memory in core.
I'm perusing through sys/vm now...

-Paul.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message