From: Oleg Derevenetz
To: Alfred Perlstein
Cc: freebsd-hackers@FreeBSD.ORG
Date: Sun, 4 Jun 2000 10:46:17 +0400 (MSD)
Subject: Re: DoS
In-Reply-To: <20000603234039.X17973@fw.wintelcom.net>

On Sat, 3 Jun 2000, Alfred Perlstein wrote:

> > Denial of Service and kernel panic (out of mbuf) appear when the following
> > program executes (originally reported by Sven Berkenvs
> > (sven@ILSE.NL)). Affects FreeBSD 3.x & 4.0, OpenBSD 2.5, OpenBSD 2.6,
> > NetBSD 1.4.1.
>
> FreeBSD 4 and above are not vulnerable if proper limits are put
> into place. These limits should be set up at the same time other
> limits (such as 'maxproc' to disallow forkbombing) are set up.
>
> Please see the RLIMIT_SBSIZE option for setrlimit(2), it allows
> a reasonable limit to be set for users' socket buffers.
>
> An undocumented (which I just fixed) option for login.conf(5) 'sbsize'
> allows this restriction to be put into place for users:
>
> :sbsize=1048576:\

Aha, thanks. BTW, how with RLIMIT_MAP to limit mmap() operations?

> Of course the real solution is rmuser(8), but that's a matter of
> policy. :-)
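
The per-process form of the limit discussed above, as an added example that is not part of the original thread or of FreeBSD: a launcher that lowers RLIMIT_SBSIZE with setrlimit(2) and then execs a command, so the cap applies to that command and its children. The names `cap_rlimit`, `cap_sbsize` and `sbcap` are hypothetical; on systems without RLIMIT_SBSIZE the launcher refuses to run the command.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* Lower the soft and hard limit for `resource` to at most `bytes`; never
 * raises one. Relies on RLIM_INFINITY being the largest rlim_t value, as it
 * is on FreeBSD and Linux. Returns 0 on success, -1 with errno set. */
int cap_rlimit(int resource, rlim_t bytes)
{
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0)
        return -1;
    if (rl.rlim_cur > bytes)
        rl.rlim_cur = bytes;
    if (rl.rlim_max > bytes)
        rl.rlim_max = bytes;   /* a non-root process cannot raise this again */
    return setrlimit(resource, &rl);
}

/* Cap socket-buffer memory for this process (RLIMIT_SBSIZE, FreeBSD 4+). */
int cap_sbsize(rlim_t bytes)
{
#ifdef RLIMIT_SBSIZE
    return cap_rlimit(RLIMIT_SBSIZE, bytes);
#else
    (void)bytes; errno = ENOSYS;   /* this platform has no RLIMIT_SBSIZE */
    return -1;
#endif
}

/* usage: sbcap <bytes> <command> [args...]   ("sbcap" is a hypothetical name) */
int main(int argc, char **argv)
{
    char *end = NULL;
    unsigned long long bytes = argc >= 3 ? strtoull(argv[1], &end, 10) : 0;
    if (argc < 3 || end == argv[1] || *end != '\0') {
        fprintf(stderr, "usage: %s <bytes> <command> [args...]\n", argv[0]);
        return 64;
    }
    if (cap_sbsize((rlim_t)bytes) != 0) {
        perror("RLIMIT_SBSIZE");
        return 1;              /* fail closed: do not run the command uncapped */
    }
    execvp(argv[2], &argv[2]); /* limits are inherited across exec and fork */
    perror("execvp");
    return 127;
}
```

For login sessions, the `sbsize` capability in login.conf(5) quoted above sets the same limit per login class.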