[15262] in bugtraq
Re: Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability
daemon@ATHENA.MIT.EDU (Alfred Perlstein)
Thu Jun 8 16:13:23 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <20000602144954.Q17973@fw.wintelcom.net>
Date: Fri, 2 Jun 2000 14:49:54 -0700
Reply-To: Alfred Perlstein <bright@WINTELCOM.NET>
From: Alfred Perlstein <bright@WINTELCOM.NET>
X-To: Ussr Labs <labs@USSRBACK.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <NCBBKFKDOLAGKIAPMILPCEJLCEAA.labs@ussrback.com>; from
labs@USSRBACK.COM on Wed, Aug 02, 2000 at 08:41:53AM -0300
* Ussr Labs <labs@USSRBACK.COM> [000602 13:08] wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability
[snip same old story about exhausting mbufs]
FreeBSD 4 and above are not vulnerable if proper limits are put
into place. These limits should be setup at the same time other
limits (such as 'maxproc' to disallow forkbombing) are set up.
Please see the the RLIMIT_SBSIZE option for setrlimit(2), it allows
a reasonable limit to be set for users socket buffers.
An undocumeted (which I just fixed) option for login.conf(5) 'sbsize'
allows this restriction to be put into place for users:
:sbsize=1048576:\
Of course the real solution is rmuser(8), but that's a matter of
policy.
hope this helps,
--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
