From owner-freebsd-security  Mon Oct  1 23:36: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from skif.net (dallas.skif.net [195.58.224.34])
	by hub.freebsd.org (Postfix) with ESMTP id 3F96037B401
	for <security@freebsd.org>; Mon,  1 Oct 2001 23:36:03 -0700 (PDT)
Received: from [195.58.225.122] (HELO brick.dol.donetsk.ua)
  by skif.net (CommuniGate Pro SMTP 3.5b3)
  with ESMTP id 585081 for security@FreeBSD.ORG; Tue, 02 Oct 2001 09:35:58 +0300
Received: from simplyi2 (simplyi.skif.net [195.58.224.69])
	by brick.dol.donetsk.ua (8.9.3/8.9.3) with SMTP id JAA40141
	for <security@FreeBSD.ORG>; Tue, 2 Oct 2001 09:35:52 +0300 (EEST)
	(envelope-from simplyi@skif.net)
Message-ID: <004701c14b0c$ce44f140$45e03ac3@skif.net>
From: "Igor Melnichuk" <simplyi@skif.net>
To: <security@FreeBSD.ORG>
Subject: login.conf & FreeBSD 4.4 
Date: Tue, 2 Oct 2001 09:38:05 +0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I need advise.

I have a server with installed FreeBSD 4.4 RELEASE .

Limiting users I've created new class "webuser" in login.conf ( fixed limit
on resource - max mem usage, cpu time, core dump size) and do all necessary
steps (compile base `cap_mkdb /etc/login.conf` and assign  new class to user
`chclass user1`)

But in fact this _not_ works when I logged like user1 or run perl script
(infinite loop)  with his privileges.

On machine with FreeBSD 4.3 RELEASE  this works well (kernel kill script
according to login.conf rules)

Any ideas ?

PS I've  read FreeBSD 4.4-RELEASE Errata (
http://www.freebsd.org/releases/4.4R/errata.html ) 2 Security Advisories
(Support for per-user ~/.login_conf files) I believe it has no relation to
problem

login.conf
--------------
webuser:\
        :cputime=10s:\
        :filesize=unlimited:\
        :datasize=20M:\
        :stacksize=20M:\
        :coredumpsize=unlimited:\
        :memoryuse=20M:\
        :memorylocked=20M:\
        :maxproc=20:\
        :openfiles=20:\
        :priority=0:
---------------

Igor Melnichuk
simplyi@skif.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message