From owner-freebsd-hackers Mon Feb 10 18:56:55 2003 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD1FB37B401; Mon, 10 Feb 2003 18:56:53 -0800 (PST) Received: from gunjin.wccnet.org (gunjin.wccnet.org [198.111.176.99]) by mx1.FreeBSD.org (Postfix) with ESMTP id DCE6443FAF; Mon, 10 Feb 2003 18:56:52 -0800 (PST) (envelope-from anthony@gunjin.wccnet.org) Received: from gunjin.wccnet.org (localhost.rexroof.com [127.0.0.1]) by gunjin.wccnet.org (8.12.3/8.12.2) with ESMTP id h1B2vFgo039483; Mon, 10 Feb 2003 21:57:15 -0500 (EST) Received: (from anthony@localhost) by gunjin.wccnet.org (8.12.3/8.12.3/Submit) id h1B2vFlf039482; Mon, 10 Feb 2003 21:57:15 -0500 (EST) Date: Mon, 10 Feb 2003 21:57:15 -0500 From: Anthony Schneider To: Julian Elischer Cc: hackers@FreeBSD.ORG, des@FreeBSD.ORG Subject: Re: Some "security" questions. Message-ID: <20030211025715.GA39077@x-anthony.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > #2 sounds like a great DOS to me.. > operator > > operator > > operator > put a two (ten???) second delay after each failed login? as for the commands, you could hack sys/kern_acct.c to include command arguments and acct.h for struct acct and all the dependent utilities and libraries and remember that since acct_process writes accounting information on process exit, there's no guarantee that the arguments are the same as when passed to execve. so in the end, this is probably not the best way to do it. -Anthony. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message