From: Bhishan Hemrajani
To: Justin Stanford
Cc: Matt Heckaman, Garrett Wollman, FreeBSD-SECURITY
Subject: Re: Local FreeBSD, OpenBSD, NetBSD, DoS Vulnerability (fwd)
Date: Tue, 30 May 2000 23:24:56 -0700 (PDT)

Is there a patch for 3.4-STABLE users so that the limits can be applied?

I have been informed of one located at:
http://people.freebsd.org/~green/sbsize2.patch

However, it is not functional at this moment.

Thank you.

--bhishan

> Take a look at the sample login.conf entry on http://www.security.za.net
> (News Section) - this has proven to prevent the DoS from working.
>
> Regards,
> jus
>
> --
> Justin Stanford
> 082 7402741
> jus@security.za.net
> www.security.za.net
> IT Security and Solutions
>
>
> On Wed, 31 May 2000, Matt Heckaman wrote:
>
> > On Tue, 30 May 2000, Garrett Wollman wrote:
> > [...]
> > : ITYM ``see `man setrlimit' with special attention to RLIMIT_SBSIZE''.
> > : `man limit' doesn't provide any useful information at all.
> >
> > Yes, I see what you mean and understand RLIMIT_SBSIZE, but just how is
> > that set on a machine wide-all-users scale? From what I can tell from
> > login.conf(5) there's no resource for it.
> >
> > RESOURCE LIMITS
> >      Name            Type      Notes     Description
> >      cputime         time                CPU usage limit.
> >      filesize        size                Maximum file size limit.
> >      datasize        size                Maximum data size limit.
> >      stacksize       size                Maximum stack size limit.
> >      coredumpsize    size                Maximum coredump size limit.
> >      memoryuse       size                Maximum of core memory use size
> >                                          limit.
> >      memorylocked    size                Maximum locked in core memory size
> >                                          limit.
> >      maxproc         number              Maximum number of processes.
> >      openfiles       number              Maximum number of open files per
> >                                          process.
> > ...
> >
> > Is the manual page out of date and it's there, or is it not?
> >
> > : -GAWollman
> >
> > Regards,
> > Matt Heckaman
> > matt@arpa.mail.net
> > http://www.lucida.qc.ca
> >
> > ------------ Output from pgp ------------
> > Opening file "/home/jus/pgp4pine.tmp" type text.
> > Signature by unknown keyid: 0xC0355390
> > Opening file "/dev/null" type text.
> >
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

--
Bhishan Hemrajani / bhishan@fusion.unixfreak.org / PGP: 0xFAC75561
Finger bhishan@fusion.unixfreak.org for more information.

The difference between us and a computer is that, the computer is blindingly
stupid, but it is capable of being stupid many, many million times a second.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
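
The thread asks how RLIMIT_SBSIZE can be applied to every user through login.conf. The following is an added example, not code from the thread or from FreeBSD: it audits login.conf text and lists the login classes whose effective socket-buffer limit is missing or unlimited, following tc= inheritance. It assumes the `sbsize` capability name documented in later FreeBSD login.conf(5) (the man page excerpt quoted above does not list it); the sample classes and values are constructed.

```python
import re

# Constructed sample login.conf; class names and values are illustrative.
SAMPLE = r"""
default:\
    :maxproc=64:
shell|Restricted shell users:\
    :sbsize=4M:\
    :tc=default:
staff:\
    :tc=default:
batch:\
    :sbsize-max=unlimited:\
    :tc=default:
"""
# Values read as "no limit" (assumed list; check login.conf(5) on your release).
NO_LIMIT = {"unlimited", "unlimit", "infinity", "inf"}

def parse_login_conf(text):
    """Return {class: {capability: value}} from termcap-style login.conf text."""
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    joined = re.sub(r"\\\n\s*", "", "\n".join(lines))  # join continuation lines
    classes = {}
    for record in filter(None, (r.strip() for r in joined.splitlines())):
        fields = [f.strip() for f in record.split(":") if f.strip()]
        caps = {}
        for field in fields[1:]:
            key, _, value = field.partition("=")
            caps.setdefault(key, value)  # first occurrence wins
        classes[fields[0].split("|")[0]] = caps  # drop aliases/description
    return classes

def resolve(classes, name, seen=()):
    """Merge a class with what it inherits through tc=, local values first."""
    caps = dict(classes.get(name, {}))
    parent = caps.pop("tc", None)
    if parent and parent not in seen:  # 'seen' guards against tc= loops
        for key, value in resolve(classes, parent, seen + (name,)).items():
            caps.setdefault(key, value)
    return caps

def classes_without_sbsize(text):
    """Names of classes whose effective sbsize is missing or unlimited."""
    classes, weak = parse_login_conf(text), []
    for name in classes:
        caps = resolve(classes, name)
        limits = [caps[k] for k in ("sbsize", "sbsize-cur", "sbsize-max") if k in caps]
        if not limits or any(v in NO_LIMIT for v in limits):
            weak.append(name)
    return sorted(weak)
```

Calling `classes_without_sbsize(open("/etc/login.conf").read())` on a host gives the classes to review; escaped colons inside capability values are not handled by this sketch.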