Hello!

On Fri, 10 Mar 2006, Michael Proto wrote:
My suggestion would then be to utilize resource limits in
/etc/login.conf for the sshd user (in your example) or other user
accounts for applications that you don't want running out of control.
See login.conf(5) and login_cap(3) for more details on this. In
particular, the datasize, stacksize, memoryuse, and vmemoryuse options
may be of benefit.

 OK, I'm aware of this measure. But have you tried it yourself against,
e.g., OpenSSH? I doubt it. Look at the following:

[EMAIL PROTECTED] ps axu |grep ssh
root   20213  0.0  1.3 54724  3356  ??  Is    4:00PM   0:00.10 sshd: dmitry [priv]
dmitry 20216  0.0  1.3 54724  3356  ??  I     4:00PM   0:00.03 sshd: [EMAIL PROTECTED]
root   20229  0.0  1.3 54724  3356  ??  Ss    4:00PM   0:00.10 sshd: dmitry [priv]
dmitry 20232  0.0  1.3 54724  3356  ??  S     4:00PM   0:00.03 sshd: [EMAIL PROTECTED]

It's the result of 2 incoming OpenSSH sessions: 2 processes per session,
one of them root's and the other the user's. SSH.COM's sshd always works as root.
Also, during a DoS attack (simultaneous setup of many incoming TCP connections to port 22) there will be many root processes like this:

root   20278  0.0  1.1 52016  2884  ??  Is    4:07PM   0:00.04 sshd: [accepted]

Do you really advise lowering root's limits? I'm sure you don't ;)


Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail:  [EMAIL PROTECTED]
nic-hdl: LYNX-RIPE
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
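
Added example, not part of the original message: a small sh/awk tally of the sshd processes in a `ps axu` listing, split by owner and role as in the output above, so the number of root-owned pre-authentication processes can be watched during a connection flood. The sample listing is constructed (including the `dmitry@ttyp0` process titles), and the function names `classify_sshd`, `preauth_flood` and `sample_ps` are hypothetical.

```shell
#!/bin/sh
# Added example: classify sshd processes from `ps axu`-style lines on stdin.
# Field 1 is the owner, field 11 the start of the process title.
# Prints: root_preauth=N root_priv=N user_owned=N
classify_sshd() {
    awk '
        $11 == "sshd:" {
            role = $NF
            if ($1 == "root" && role == "[accepted]")  preauth++   # not yet authenticated
            else if ($1 == "root" && role == "[priv]") priv++      # per-session root process
            else if ($1 != "root")                     user++      # runs as the session user
        }
        END {
            printf "root_preauth=%d root_priv=%d user_owned=%d\n", preauth, priv, user
        }
    '
}

# Succeeds (exit 0) when more than THRESHOLD root-owned "[accepted]"
# processes are present. Usage: ps axu | preauth_flood THRESHOLD
preauth_flood() {
    n=$(classify_sshd | sed 's/^root_preauth=\([0-9]*\) .*/\1/')
    [ "$n" -gt "$1" ]
}

# Constructed sample modelled on the listing in the message:
# two logged-in sessions plus three connections still in setup.
sample_ps() {
    cat <<'EOF'
root   20213  0.0  1.3 54724  3356  ??  Is    4:00PM   0:00.10 sshd: dmitry [priv]
dmitry 20216  0.0  1.3 54724  3356  ??  I     4:00PM   0:00.03 sshd: dmitry@ttyp0
root   20229  0.0  1.3 54724  3356  ??  Ss    4:00PM   0:00.10 sshd: dmitry [priv]
dmitry 20232  0.0  1.3 54724  3356  ??  S     4:00PM   0:00.03 sshd: dmitry@ttyp1
root   20278  0.0  1.1 52016  2884  ??  Is    4:07PM   0:00.04 sshd: [accepted]
root   20279  0.0  1.1 52016  2884  ??  Is    4:07PM   0:00.04 sshd: [accepted]
root   20280  0.0  1.1 52016  2884  ??  Is    4:07PM   0:00.04 sshd: [accepted]
EOF
}

sample_ps | classify_sshd
```

On a live system the input would come from `ps axu` instead of `sample_ps`.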
