From owner-freebsd-questions  Sat Apr 10  6:31:41 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from janus.syracuse.net (janus.syracuse.net [205.232.47.15])
	by hub.freebsd.org (Postfix) with ESMTP
	id B336114D28; Sat, 10 Apr 1999 06:31:37 -0700 (PDT)
	(envelope-from green@unixhelp.org)
Received: from localhost (green@localhost)
	by janus.syracuse.net (8.9.2/8.8.7) with ESMTP id JAA69978;
	Sat, 10 Apr 1999 09:29:19 -0400 (EDT)
Date: Sat, 10 Apr 1999 09:29:19 -0400 (EDT)
From: Brian Feldman <green@unixhelp.org>
X-Sender: green@janus.syracuse.net
To: Dmitry Valdov <dv@dv.ru>
Cc: chris@calldei.com, freebsd-current@FreeBSD.ORG,
	freebsd-questions@FreeBSD.ORG
Subject: Re: DoS from local users (fwd)
In-Reply-To: <Pine.BSF.3.95q.990410111322.8140B-100000@xkis.kis.ru>
Message-ID: <Pine.BSF.4.05.9904100927240.69973-100000@janus.syracuse.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 10 Apr 1999, Dmitry Valdov wrote:

> 
> 
> On Sat, 10 Apr 1999, Chris Costello wrote:
> 
> > Date: Sat, 10 Apr 1999 02:05:33 -0500
> > From: Chris Costello <chris@holly.dyndns.org>
> > Reply-To: chris@calldei.com
> > To: Dmitry Valdov <dv@dv.ru>
> > Cc: freebsd-current@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
> > Subject: Re: DoS from local users (fwd)
> > 
> > On Sat, Apr 10, 1999, Dmitry Valdov wrote:
> > > >    You typically want to set a restriction as to how many
> > > > processes a user can spawn.  This is done by editing
> > > > /etc/login.conf and changing the user's login class, see the man
> > > > page for 'login.conf'.
> > > > 
> > > 
> > > I'm about CPU usage, not about many processes.
> > > See:
> > > CPU states: 17.8% user,  0.0% nice, 81.7% system,  0.5% interrupt,  0.0%
> > > idle 
> > > on any (tested on P2-45) machine.
> > > 
> > > CPU is used by SYSTEM, not by USER. So I can't restrict it with login.conf
> > > And load average can be up to 20-40 :( 
> > > 
> > > Please don't redirect me to -questions, it's a kernel problem, not just
> > > config. 
> > 
> >    How is it a kernel problem?  It's a forkbomb.  It spawns many
> > processes.  You can also limit CPU usage with login.conf, I
> > believe.
> 
> Hmm. How I can limit CPU usage by SYSTEM? See top's output below.
> 
> Dmitry.
> 
> PS. I've just tried it. And I'm right - CPU usage limit can't help.
> 

So? Processes that run a while go down in priority [McKusick95 I believe, THE
book] so they are preempted easily. Look in top and see if they're all at
the top of the list. I bet they're not! Also, you can set per-user niceness
levels, and why are you being so liberal giving a standard LUSER 32 processes?
This is a system administration problem.

> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-current" in the body of the message
> 

 Brian Feldman                _ __ ___ ____  ___ ___ ___  
 green@unixhelp.org                _ __ ___ | _ ) __|   \ 
     FreeBSD: The Power to Serve!      _ __ | _ \__ \ |) |
         http://www.freebsd.org           _ |___/___/___/ 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message