Date: Sun, 4 Jun 2000 10:46:17 +0400 (MSD) From: Oleg Derevenetz <oleg@oleg.vsi.ru> To: Alfred Perlstein <bright@wintelcom.net> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: DoS Message-ID: <Pine.BSF.4.21.0006041042530.282-100000@oleg.vsi.ru> In-Reply-To: <20000603234039.X17973@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 3 Jun 2000, Alfred Perlstein wrote: > > Denial of Service and kernel panic (out of mbuf) appears when following > > program executes (originally reported by Sven Berkenvs > > (sven@ILSE.NL)). Affects FreeBSD 3.x & 4.0, OpenBSD 2.5, OpenBSD 2.6, > > NetBSD 1.4.1. > > FreeBSD 4 and above are not vulnerable if proper limits are put > into place. These limits should be setup at the same time other > limits (such as 'maxproc' to disallow forkbombing) are set up. > > Please see the the RLIMIT_SBSIZE option for setrlimit(2), it allows > a reasonable limit to be set for users socket buffers. > > An undocumeted (which I just fixed) option for login.conf(5) 'sbsize' > allows this restriction to be put into place for users: > > :sbsize=1048576:\ Aha, thanks. BTW, how with RLIMIT_MAP to limit mmap() operations ? > Of course the real solution is rmuser(8), but that's a matter of > policy. :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0006041042530.282-100000>