From: Matt Dillon <dillon@earth.backplane.com>
Date: Tue, 10 Jul 2001 23:05:07 -0700 (PDT)
To: Alfred Perlstein
Cc: "Robert E. Lee", Dag-Erling Smorgrav, Ted Mittelstaedt, js43064n@pace.edu, freebsd-security@FreeBSD.ORG
Subject: Re: Kernel Panic
Message-Id: <200107110605.f6B657X24415@earth.backplane.com>
References: <20010710230329.A1894@sneakerz.org>

:* Robert E. Lee [010710 22:54] wrote:
:> On 24 Jun 2001, Dag-Erling Smorgrav wrote:
:> > "Ted Mittelstaedt" writes:
:> > A disk error would not crash the system. Please stop spouting
:> > unfounded (though highly imaginative) bullshit.
:>
:> Not to get into a pissing contest, but I have had disk errors in the past
:> that made my system crash.
:>
:> On the original thread, when you have a local account on a box, you can
:> usually use this script as an effective DoS:
:>
:> $ more foo.sh
:> #!/bin/sh
:>
:> while [ 1 -eq 1 ]; do
:>     find / -name foo &
:> done
:>
:> The default settings for most Unix OS's allow that type of script to
:> consume enough resources to make the system unusable.
:
:It'd be almost trivial to limit the amount of outstanding IO on a
:per uid basis. Have time for a patch? :)
:
:Hint:
:store the amount of IO in the uidinfo struct, if you go out of
:bounds, sleep on the outstanding buf counter address for a short
:time (*), if the user completes IO, then issue a wakeup.
:
:(*) the reason you can not sleep infinitely is because you may cause
:a deadlock situation against yourself when writing out dirty buffers,
:or maybe not.. ?
:
:Anyhow, that should allow for throttling.
:
:--
:-Alfred Perlstein [alfred@freebsd.org]

    Appropriate resource limits and a properly configured system can go a
    long way towards preventing a crash. Expecting an untuned, insufficiently
    endowed machine to be able to handle a DOS attack from a shell prompt is
    unrealistic.

    The machine can't really tell the difference between something like the
    above and, say, someone starting up a copy of gnome, or mozilla, or ircd,
    or a user account dedicated to serving cvsup. You certainly can't tell by
    looking at the I/O load... the above script would only max out the disk's
    seeking (which a lot of programs can do), and it does not actually
    represent any significant amount of I/O bandwidth relative to, say, a
    program copying a large file.

    So the fix is really nothing more than the sysadmin setting appropriate
    resource limits, monitoring the machine, and blowing away any idiot user
    who does the above. The fix is certainly not to try to make the OS
    magically figure out that someone is running a DOS attack from a shell
    prompt and having it arbitrarily throttle the uid!

                                        -Matt
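Matt's recommended fix is resource limits plus monitoring. As an added example (not code from the thread or from FreeBSD), here is a small sh script for the monitoring half: it counts processes per uid in ps output and reports any uid over a threshold together with the command it is mostly running, which is how a fork loop like the quoted foo.sh shows up. The sample ps lines, uid 1001 and the threshold are constructed, and the `ps -axo uid=,comm=` format is assumed.

```shell
#!/bin/sh
# Added example: spot the fork-loop pattern from the quoted foo.sh in
# ps output. A uid owning hundreds of identical "find" processes stands
# out long before the box becomes unusable. Input is "uid comm", one
# process per line, assumed to match `ps -axo uid=,comm=`.

# Constructed sample ps output; uid 1001 is the hypothetical abuser.
SAMPLE_PS='0 init
0 syslogd
1001 sh
1001 find
1001 find
1001 find
1001 find
1002 vi
1001 find'

# Read "uid comm" lines on stdin; print "uid count top_command" for each
# uid owning more than $1 processes, sorted by uid.
flag_heavy_uids() {
    awk -v limit="$1" '
        {
            n[$1]++                       # processes per uid
            k = $1 " " $2
            c[k]++                        # processes per (uid, command)
            if (c[k] > top[$1]) { top[$1] = c[k]; topcmd[$1] = $2 }
        }
        END {
            for (u in n) if (n[u] > limit) print u, n[u], topcmd[u]
        }' | sort -n
}

# Live variant for a real box: same check over the running process table.
flag_heavy_uids_live() {
    ps -axo uid=,comm= | flag_heavy_uids "$1"
}

# The per-user process limit this shell would hand to a fork loop;
# "unlimited" is the untuned default. The durable fix is a maxproc
# setting for the user's class in login.conf rather than a monitor.
current_proc_limit() {
    ulimit -u
}

# Run directly: threshold of 3 against the constructed sample.
printf '%s\n' "$SAMPLE_PS" | flag_heavy_uids 3
```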