From owner-freebsd-security  Fri Mar 16 17:28:11 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.wlcg.com (mail.wlcg.com [207.226.17.4])
	by hub.freebsd.org (Postfix) with ESMTP id 662C437B718
	for <freebsd-security@FreeBSD.ORG>; Fri, 16 Mar 2001 17:28:08 -0800 (PST)
	(envelope-from rsimmons@wlcg.com)
Received: from localhost (rsimmons@localhost)
	by mail.wlcg.com (8.11.3/8.11.3) with ESMTP id f2H1Rfj30921;
	Fri, 16 Mar 2001 20:27:41 -0500 (EST)
	(envelope-from rsimmons@wlcg.com)
Date: Fri, 16 Mar 2001 20:27:37 -0500 (EST)
From: Rob Simmons <rsimmons@wlcg.com>
To: Anil Jangity <aj@entic.net>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: Multiple vendors FTP denial of service
In-Reply-To: <Pine.BSF.4.33.0103160832130.17245-100000@mars.entic.net>
Message-ID: <Pine.BSF.4.33.0103162026510.30661-100000@mail.wlcg.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You can change the user that ftpd runs as in inetd.conf.

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Fri, 16 Mar 2001, Anil Jangity wrote:

> Kris/All,
>
> FTPD is run as root (atleast on my machine). I don't want to limit root
> resources, since I am not sure exactly what a good ball park figure for
> root would be...
>
> I looked in ftpd(8) for some way to make it run as another user (atleast
> after it starts up) but no luck.
>
> So, my question is, how do you propose we resource limit ftpd as you
> suggest via login.conf?
>
> Thanks
>
> Anil
>
> @ I'm pretty sure (but haven't tested) that resource limits will prevent
> @ this problem.  Your ftpd shouldn't be using large amount of memory
> @ under normal operating procedures, so you can set those to reasonable
> @ values and not suffer any ill effects.
> @
> @ Kris
> @
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6sr2Nv8Bofna59hYRAulRAKC20qJDD9H8hSVmW0TUxrPggy2YZwCfcuPz
aCyNKaYxkf5yauK9UpD9UGQ=
=Utb5
-----END PGP SIGNATURE-----



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message