On Sat, 3 Jun 2000, Alfred Perlstein wrote: > > Denial of Service and kernel panic (out of mbuf) appears when following > > program executes (originally reported by Sven Berkenvs > > ([EMAIL PROTECTED])). Affects FreeBSD 3.x & 4.0, OpenBSD 2.5, OpenBSD 2.6, > > NetBSD 1.4.1. > > FreeBSD 4 and above are not vulnerable if proper limits are put > into place. These limits should be setup at the same time other > limits (such as 'maxproc' to disallow forkbombing) are set up. > > Please see the the RLIMIT_SBSIZE option for setrlimit(2), it allows > a reasonable limit to be set for users socket buffers. > > An undocumeted (which I just fixed) option for login.conf(5) 'sbsize' > allows this restriction to be put into place for users: > > :sbsize=1048576:\ Aha, thanks. BTW, how with RLIMIT_MAP to limit mmap() operations ? > Of course the real solution is rmuser(8), but that's a matter of > policy. :-) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
