Date: Fri, 16 Mar 2001 13:16:48 -0800 (PST)
From: Matt Dillon <dillon@earth.backplane.com>
To: Paul Herman <pherman@frenchfries.net>
Cc: "ho-sang, yoon" <tsoi@xocah.holywar.net>, <freebsd-security@FreeBSD.ORG>, Kris Kennaway <kris@obsecurity.org>
Subject: Re: Multiple vendors FTP denial of service (fwd)
Message-ID: <200103162116.f2GLGm674347@earth.backplane.com>
References: <Pine.BSF.4.33.0103162158140.10083-100000@husten.security.at12.de>

:>
:> I don't think that the resource limit has any effect on this matter.
:> Or am I wrong?
:
:I, too, had thought that "max memory size" (or RLIMIT_RSS) would have
:kicked in, but it didn't. However, what does work is setting the
:"datasize" (RLIMIT_DATA), which will kill ftpd when "SIZE" exceeds
:RLIMIT_DATA.
:
:Now I'm wondering about RLIMIT_RSS, i.e. the amount of memory in core.
:I'm perusing through sys/vm now...
:
:-Paul.

The 'datasize' limit (RLIMIT_DATA) only applies to malloc(). It does
not apply to mmap(). This is a known issue. In any case, it would
depend on what ftpd uses. I would expect ftpd to use malloc() for
internal structures and perhaps mmap() (or sendfile()) when reading
a file.

The 'memoryuse' limit (RLIMIT_RSS) only applies to the process's
in-core size. If the process exceeds this value and the machine is
loaded down, the kernel will attempt to swap pages out to get the
process back within the limit. If the machine is mostly idle, the
kernel ignores this limit.

Currently we have no resource to limit mmap() use.

-Matt
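
The following C program is an added example, not part of the original message or of ftpd. It lowers RLIMIT_DATA in a forked child and shows that growing the data segment with sbrk() is refused while a read-only mmap() of the same size still succeeds. The 8 MiB limit, the 64 MiB request and all function names are constructed for the illustration; some later kernels also count private writable mappings against RLIMIT_DATA, so the probe uses a read-only mapping.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define LIMIT_BYTES (8UL << 20)   /* constructed 'datasize' limit: 8 MiB */
#define ALLOC_BYTES (64UL << 20)  /* constructed request: 64 MiB */

enum { BRK_OK = 1, MMAP_OK = 2, SETUP_FAILED = 4 };

/* Runs in the child: apply the limit, then try both allocation paths. */
static int probe_child(void)
{
    struct rlimit rl = { LIMIT_BYTES, LIMIT_BYTES };
    int result = 0;

    if (setrlimit(RLIMIT_DATA, &rl) != 0)
        return SETUP_FAILED;
    /* Data-segment growth, the path a brk-based malloc() takes. */
    if (sbrk((intptr_t)ALLOC_BYTES) != (void *)-1)
        result |= BRK_OK;
    /* Read-only mapping, as a server might map a file it is sending
     * (anonymous here so the example needs no file on disk). */
    if (mmap(NULL, ALLOC_BYTES, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS,
             -1, 0) != MAP_FAILED)
        result |= MMAP_OK;
    return result;
}

/* Fork so the lowered limit never affects the caller; return the bitmask. */
int probe_under_datasize(void)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return SETUP_FAILED;
    if (pid == 0)
        _exit(probe_child());
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return SETUP_FAILED;
    return WEXITSTATUS(status);
}

int main(void)
{
    int r = probe_under_datasize();
    printf("sbrk: %s, mmap: %s\n", (r & BRK_OK) ? "allowed" : "refused",
           (r & MMAP_OK) ? "allowed" : "refused");
    return (r & SETUP_FAILED) ? 1 : 0;
}
```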