Date: Fri, 16 Mar 2001 13:16:48 -0800 (PST) From: Matt Dillon <dillon@earth.backplane.com> To: Paul Herman <pherman@frenchfries.net> Cc: "ho-sang, yoon" <tsoi@xocah.holywar.net>, <freebsd-security@FreeBSD.ORG>, Kris Kennaway <kris@obsecurity.org> Subject: Re: Multiple vendors FTP denial of service (fwd) Message-ID: <200103162116.f2GLGm674347@earth.backplane.com> References: <Pine.BSF.4.33.0103162158140.10083-100000@husten.security.at12.de>
next in thread | previous in thread | raw e-mail | index | archive | help
:>
:> I don't think that the resourse limit does effect on this matter.
:> Or, am I something wrong?
:
:I, too, had thought that "max memory size" (or RLIMIT_RSS) would have
:kicked in, but it didn't. However, what does work is setting the
:"datasize" (RLIMIT_DATA), which will kill ftpd when "SIZE" exceeds
:RLIMIT_DATA.
:
:Now I'm wondering about RLIMIT_RSS, i.e. the amount of memory in core.
:I'm perusing through sys/vm now...
:
:-Paul.
The 'datasize' limit (RLIMIT_DATA) only applies to malloc(). It does
not apply to mmap(). This is a known issue. In anycase, it would depend
on what ftpd uses. I would expect ftpd to use malloc() for internal
structures and perhaps mmap() (or sendfile()) when reading a file.
The 'memoryuse' limit (RLIMIT_RSS) only applies to the process'es
in-core size. If the process exceeds this value and the machine is
loaded down, the kernel will attempt to swap pages out to get the
process back within the limit. If the machine is mostly idle, the
kernel ignores this limit.
Currently we have no resource to limit mmap() use.
-Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103162116.f2GLGm674347>