From owner-freebsd-security Tue May 30 23:20:25 2000 Delivered-To: freebsd-security@freebsd.org Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id F25BF37BE6C for ; Tue, 30 May 2000 23:20:21 -0700 (PDT) (envelope-from matt@ARPA.MAIL.NET) Received: (qmail 6347 invoked by uid 1000); 31 May 2000 06:20:21 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 31 May 2000 06:20:21 -0000 Date: Wed, 31 May 2000 02:20:18 -0400 (EDT) From: Matt Heckaman X-Sender: matt@epsilon.lucida.qc.ca To: Justin Stanford Cc: FreeBSD-SECURITY Subject: Re: Local FreeBSD, OpenBSD, NetBSD, DoS Vulnerability (fwd) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 31 May 2000, Justin Stanford wrote: ... : Take a look at the sample login.conf entry on http://www.security.za.net : (News Section) - this has proven to prevent the DoS from working. Which part of it hmm. My evaluation of it would be the openfile limit, in that they cannot open up enough descriptors to successfully harm the box. Time for me me to go play with login.conf some more, thanks. The question still remains though, can you set RLIMIT_SBSIZE and RLIMIT_RSS with the login.conf? Both would be very useful to me :) : Regards, : jus Matt Heckaman matt@arpa.mail.net http://www.lucida.qc.ca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE5NK8ldMMtMcA1U5ARAmO2AJ4uiEPIHcMQazamUS2M8xvbiZOBtACbB4sF CpfXTAfbwJZTFYrzG/ceNRo= =buS0 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message