Re: Simple DoS...out of resources?

Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz)
Tue, 9 Mar 1999 11:17:15 +0100 (CET)


> On Mon, 8 Mar 1999, Myrdraal wrote:
>
> > On Mon, Mar 08, 1999 at 01:39:24PM -0500, rewt wrote:
> > Hi,
> > > It is very easy to crash a system simply by viewing a large file with
> > > editor such as pico. It will eat up all the resources and do some
> > > unpredictible things. In my case I viewed a 100mb file as it was reading
> > > it, it filled up all the swap space which is 48mb. It killed most of the
> > > processes including sendmail, sshd, X, syslog. Does anyone have any idea
> > > how can i protect myself against that kind of DoS? My configuration:
> > > P100, 48mb ram, 48mb swap running on kernel 2.2.2.
> > You need to set user resource limits. This isn't a kernel problem. See
> > the "ulimit" command if you use bash. Other shells probably use a different
> > command.
> As a side note, the new versions of the linux shadow suite
> support the /etc/limits command to force limits on users, and I
> believe the RedHat PAM package has a similiar option..

I already thought of it and I think that linux _should_ be more protected
against such kind of attacks. A simple solution: If there's no swap space,
the kernel should count which user is taking most memory and kill some his
processes; not just kill the first process that actually wants memory over
limit.

Mikulas Patocka

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/