Bugtraq: Re: Local DoS in FreeBSD

[jason () ACKLEY NET (Jason Ackley)]

On Fri, 27 Aug 1999, L. Sassaman wrote:

> This was first posted to the FreeBSD security list on the 9th of August,
> subsequently discussed on freebsd-stable and freebsd-hackers... no one
> seems to care, even though it is able to lock up 2.2.6, 2.2.8, and 3.2.x
> machines consistantly. I have also been told that it affects NetBSD and
> OpenBSD, though I haven't confirmed it.
 Standard resource drain DoS..

> Someone with the know-how care to fix?
 man login.conf

 login.conf on *BSDs can be used to set resource limits for users,
CPUtime, memory locked etc etc...

I removed my limits on a user and was able to overload my machine (BSDI
4.0), after putting my limits back on there is no problem..

Anyone that is not using a login.conf or other type of resource
restriction is asking for punishment..

More of a 'bug' in the setup / configuration of the system on the admin's
part, not on the OS if you ask me..

my $.02 deposited..

cheers,

--
jason