From owner-freebsd-security  Tue Sep  3  9:49:11 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 61A7137B400; Tue,  3 Sep 2002 09:49:04 -0700 (PDT)
Received: from patrocles.silby.com (d7.as8.nwbl0.wi.voyager.net [169.207.132.7])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id C460243E3B; Tue,  3 Sep 2002 09:49:02 -0700 (PDT)
	(envelope-from silby@silby.com)
Received: from patrocles.silby.com (localhost [127.0.0.1])
	by patrocles.silby.com (8.12.6/8.12.5) with ESMTP id g83GqQxP005932;
	Tue, 3 Sep 2002 11:52:26 -0500 (CDT)
	(envelope-from silby@silby.com)
Received: from localhost (silby@localhost)
	by patrocles.silby.com (8.12.6/8.12.6/Submit) with ESMTP id g83GqOTU005929;
	Tue, 3 Sep 2002 11:52:25 -0500 (CDT)
X-Authentication-Warning: patrocles.silby.com: silby owned process doing -bs
Date: Tue, 3 Sep 2002 11:52:24 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Alfred Perlstein <bright@mu.org>
Cc: Benjamin Krueger <benjamin@seattleFenix.net>,
	Ivan Streetovich <bad_dot_c@yahoo.com>, <chat@freebsd.org>,
	<security@freebsd.org>
Subject: Re: From: Ivan Streetovich, Japan
In-Reply-To: <20020903055340.GF73747@elvis.mu.org>
Message-ID: <20020903115002.T5618-100000@patrocles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Mon, 2 Sep 2002, Alfred Perlstein wrote:

> * Mike Silbersack <silby@silby.com> [020902 17:06] wrote:
> >
> > This is just another local mbuf exhaustion attack.  We should probably put
> > in countermeasures for this one of these days, but it's not all that much
> > of a serious problem.  If you have a shell machine you wish to get your
> > access revoked on, then by all means go ahead and use this program.
>
> I think the 'sbsize' ulimit already protects people from this.
>
> I think the problem is that it's not set by default, however I think
> that's somewhat of a good thing as it makes sure we don't bomb out
> when someone tries to bench us.

Doh, I had forgotten about that setting.  Sbsize does work decently in
such a situation, but it's not ready to be enabled by default.  In
addition to the fact that it would bomb out people doing high volume
benchmarks, there's also the problem that it accounts for receive buffers,
which are empty most of the time.

Bosko and I had thrown around some ideas on how to improve mbuf limiting,
but we haven't had time to work on them yet.

Mike "Silby" Silbersack


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message