Date: Wed, 01 Sep 1999 16:20:52 -0400 From: Mike Tancsa <mike@sentex.net> To: FreeBSD -- The Power to Serve <geniusj@free-bsd.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: FW: Local DoS in FreeBSD Message-ID: <3.0.5.32.19990901162052.023c18d0@staff.sentex.ca> In-Reply-To: <Pine.BSF.4.10.9909011409520.19266-100000@free-bsd.org> References: <3.0.5.32.19990901140428.01f197b0@staff.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
At 02:10 PM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote: >Exactly what I mean! Limit file descriptors, and it also uses a lot of CPU >time so you can limit that too.. It will never crash the system with the >proper limits set :). They can run it all they want. Well, that sort of helps for kids just doing ./a.out, but would you put accounting limits on your web server ? That seems like a nasty can of configuration worms one would be opening no ? ---Mike > >On Wed, 1 Sep 1999, Mike Tancsa wrote: > >> At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote: >> >If you have public access users, you should have login accounting in the >> >first place.. and yes, it does stop it :).. I verified this on a 3.2 box >> >with my login accounting setup.. >> >> How does accounting stop it ? Or do you mean it just discourages users >> from doing it ? How much overhead does accounting add to the system ? >> Also, limiting the amount of file descriptors can prevent it, as the 'bug' >> is essentially a resource starving issue (e.g. fork bomb) >> >> ---Mike >> ------------------------------------------------------------------------ >> Mike Tancsa, tel 01.519.651.3400 >> Network Administrator, mike@sentex.net >> Sentex Communications www.sentex.net >> Cambridge, Ontario Canada >> >> >> To Unsubscribe: send mail to majordomo@FreeBSD.org >> with "unsubscribe freebsd-security" in the body of the message >> > > > ------------------------------------------------------------------------ Mike Tancsa, tel 01.519.651.3400 Network Administrator, mike@sentex.net Sentex Communications www.sentex.net Cambridge, Ontario Canada To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.5.32.19990901162052.023c18d0>