[11655] in bugtraq


Re: Local DoS in FreeBSD

daemon@ATHENA.MIT.EDU (Jason Ackley)
Thu Sep 2 17:40:26 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSI.4.05.9908312115480.393-100000@llama.ackley.net>
Date:         Tue, 31 Aug 1999 21:19:56 -0700
Reply-To: Jason Ackley <jason@ACKLEY.NET>
From: Jason Ackley <jason@ACKLEY.NET>
X-To:         "L. Sassaman" <rabbi@QUICKIE.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.10.9908270039010.16315-100000@thetis.deor.org>

On Fri, 27 Aug 1999, L. Sassaman wrote:

> This was first posted to the FreeBSD security list on the 9th of August,
> subsequently discussed on freebsd-stable and freebsd-hackers... no one
> seems to care, even though it is able to lock up 2.2.6, 2.2.8, and 3.2.x
> machines consistently. I have also been told that it affects NetBSD and
> OpenBSD, though I haven't confirmed it.

 Standard resource drain DoS..

> Someone with the know-how care to fix?

 man login.conf

 login.conf on *BSDs can be used to set resource limits for users,
CPUtime, memory locked etc etc...

I removed my limits on a user and was able to overload my machine (BSDI
4.0), after putting my limits back on there is no problem..

Anyone that is not using a login.conf or other type of resource
restriction is asking for punishment..

More of a 'bug' in the setup / configuration of the system on the admin's
part, not on the OS if you ask me..

my $.02 deposited..

cheers,

--
jason
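
Added example, not part of the original post and not code from any BSD project: the limits a login.conf class sets are enforced by the kernel as setrlimit(2) resource limits, and this C program applies three such limits to a child process and reports how each constructed workload is stopped. The helper names, the workloads and the limit values (16 descriptors, 64 MiB of address space, 1 CPU second) are assumptions chosen for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed workloads: each one asks for more than its limit allows. */
static int spin_cpu(void) { for (volatile unsigned long i = 0;; i++) {} }

static int open_many(void) {          /* 0 = open() refused with EMFILE */
    for (int i = 0; i < 1024; i++)
        if (open("/dev/null", O_RDONLY) < 0)
            return errno == EMFILE ? 0 : 2;
    return 1;                         /* limit was not enforced */
}

static int grab_memory(void) {        /* 0 = 512 MiB allocation refused */
    void *volatile p = malloc((size_t)512 << 20);
    return p == NULL ? 0 : 1;
}

/* Fork, apply one rlimit in the child only, then run work() under it.
 * Returns the child's exit code, or -signal if the kernel killed it. */
static int run_limited(int resource, rlim_t soft, rlim_t hard, int (*work)(void)) {
    pid_t pid = fork();
    if (pid < 0) return 255;
    if (pid == 0) {
        struct rlimit rl = { .rlim_cur = soft, .rlim_max = hard };
        if (setrlimit(resource, &rl) != 0) _exit(3);
        _exit(work());
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return 255;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}

int main(void) {
    printf("16 open files  -> %d\n", run_limited(RLIMIT_NOFILE, 16, 16, open_many));
    printf("64 MiB space   -> %d\n", run_limited(RLIMIT_AS, 64u << 20, 64u << 20, grab_memory));
    printf("1 s CPU time   -> %d (SIGXCPU is %d)\n",
           run_limited(RLIMIT_CPU, 1, 2, spin_cpu), SIGXCPU);
    return 0;
}
```

The parent stays unlimited and only the child is constrained, which is the same split a login class gives between the system and a user's session.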
