Bugtraq mailing list archives

Re: Local DoS in FreeBSD

From: jason () ACKLEY NET (Jason Ackley)
Date: Tue, 31 Aug 1999 21:19:56 -0700


On Fri, 27 Aug 1999, L. Sassaman wrote:

This was first posted to the FreeBSD security list on the 9th of August,
subsequently discussed on freebsd-stable and freebsd-hackers... no one
seems to care, even though it is able to lock up 2.2.6, 2.2.8, and 3.2.x
machines consistantly. I have also been told that it affects NetBSD and
OpenBSD, though I haven't confirmed it.


 Standard resource drain DoS..

Someone with the know-how care to fix?


 man login.conf

 login.conf on *BSDs can be used to set resource limits for users,
CPUtime, memory locked etc etc...

I removed my limits on a user and was able to overload my machine (BSDI
4.0), after putting my limits back on there is no problem..

Anyone that is not using a login.conf or other type of resource
restriction is asking for punishment..

More of a 'bug' in the setup / configuration of the system on the admin's
part, not on the OS if you ask me..

my $.02 deposited..

cheers,

--
jason

Current thread:

Re: Local DoS in FreeBSD Darren Reed (Aug 31)
- DoS bug in MessageASAP software Forrest Aldrich (Aug 30)
- Re: Local DoS in FreeBSD L. Sassaman (Sep 01)
- Re: Local DoS in FreeBSD Jared Mauch (Sep 02)
- Re: Local DoS in FreeBSD Jeff Wheat (Sep 02)
  - Re: Local DoS in FreeBSD FreeBSD -- The Power to Serve (Sep 07)
- <Possible follow-ups>
- Re: Local DoS in FreeBSD MMS26 (Aug 31)
- Re: Local DoS in FreeBSD Jason Ackley (Aug 31)