Date: Fri, 16 Mar 2001 13:16:48 -0800 (PST)
From: Matt Dillon
To: Paul Herman
Cc: "ho-sang, yoon", Kris Kennaway
Subject: Re: Multiple vendors FTP denial of service (fwd)
Message-Id: <200103162116.f2GLGm674347@earth.backplane.com>

:>
:> I don't think that the resource limit has an effect on this matter.
:> Or, am I wrong about something?
:
:I, too, had thought that "max memory size" (or RLIMIT_RSS) would have
:kicked in, but it didn't. However, what does work is setting the
:"datasize" (RLIMIT_DATA), which will kill ftpd when "SIZE" exceeds
:RLIMIT_DATA.
:
:Now I'm wondering about RLIMIT_RSS, i.e. the amount of memory in core.
:I'm perusing through sys/vm now...
:
:-Paul.

    The 'datasize' limit (RLIMIT_DATA) only applies to malloc(). It does
    not apply to mmap(). This is a known issue. In any case, it would
    depend on what ftpd uses. I would expect ftpd to use malloc() for
    internal structures and perhaps mmap() (or sendfile()) when reading
    a file.

    The 'memoryuse' limit (RLIMIT_RSS) only applies to the process's
    in-core size. If the process exceeds this value and the machine is
    loaded down, the kernel will attempt to swap pages out to get the
    process back within the limit. If the machine is mostly idle, the
    kernel ignores this limit.

    Currently we have no resource to limit mmap() use.

						-Matt
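
Added example (not part of the original message and not FreeBSD's code): a small C probe for checking, on the system being hardened, whether a given resource limit actually refuses an anonymous mmap(). It assumes a system that provides the POSIX RLIMIT_AS address-space limit, which the message does not discuss; the helper name mmap_allowed and the sizes are constructed for illustration.

```c
#define _DEFAULT_SOURCE          /* exposes MAP_ANON on glibc; harmless elsewhere */
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define MIB (1024UL * 1024UL)

/* Fork a child, optionally cap `resource` at `limit` bytes (0 = leave as is),
 * then try to map `len` bytes of anonymous memory in that child.
 * Returns 1 if mmap() succeeded, 0 if it was refused with ENOMEM, -1 on error. */
int mmap_allowed(int resource, rlim_t limit, size_t len)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                       /* child: apply limit, then probe */
        if (limit != 0) {
            struct rlimit rl;
            rl.rlim_cur = limit;
            rl.rlim_max = limit;          /* lowering the hard limit needs no privilege */
            if (setrlimit(resource, &rl) != 0)
                _exit(2);
        }
        void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANON, -1, 0);
        if (p == MAP_FAILED)
            _exit(errno == ENOMEM ? 1 : 2);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 0) return 1;
    if (WEXITSTATUS(status) == 1) return 0;
    return -1;
}

int main(void)
{
    /* The RLIMIT_DATA result depends on the kernel; the message above
     * describes a kernel where that limit does not apply to mmap(). */
    printf("no limit:           %d\n", mmap_allowed(RLIMIT_AS, 0, 64 * MIB));
    printf("RLIMIT_DATA = 32MB: %d\n", mmap_allowed(RLIMIT_DATA, 32 * MIB, 64 * MIB));
    printf("RLIMIT_AS   = 32MB: %d\n", mmap_allowed(RLIMIT_AS, 32 * MIB, 64 * MIB));
    return 0;
}
```

A result of 1 on the RLIMIT_DATA line means that limit alone does not bound mmap() on the kernel under test, so a daemon that maps files needs a different cap.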