Bugtraq mailing list archives
Re: Shared memory DoS's
From: glynn () SENSEI CO UK (Glynn Clements)
Date: Fri, 16 Jul 1999 11:53:14 +0100
Mike Perry wrote:
1. The system does not check rlimits for mmap and shmget (FreeBSD) 2. The system never bothers to offer the ability to set the rlimits for virtual memory via shells, login process, or otherwise. (Linux)
Some fixes: The Linux SysVinit (>2.54) uses /etc/initscript (or /sbin/initscript) to spawn the processes listed in /etc/inittab, so you can set limits within that (e.g. for the getty processes). Either wrap in.telnetd or use -L to wrap the login program. Set limits in the rc.init2 (etc) script for daemons which may execute user-defined code (e.g. crond, httpd). Similarly for xdm via Xstartup. You might also want to wrap your MDAs if you are using procmail or allow program aliases in ~/.forward files. Some versions of Linux (RedHat?) have a login which allows limits to be set via a login.defs file.
4. With System V IPC, shared memory persists even after the process is gone. So even though the kernel may kill the process after it exhausts all memory from page faults, there still is 0 memory left for the system. I suppose with some trickery you might be able to achieve the same results by shared mmap()'ing a few large files between pairs of processes. (All)
mmap() is potentially less serious as the memory will be released if the processes are killed. -- Glynn Clements <glynn () sensei co uk>
Current thread:
- Update to Microsoft Security Bulletin (MS99-025), (continued)
- Update to Microsoft Security Bulletin (MS99-025) aleph1 () UNDERGROUND ORG (Jul 23)
- Re: Shared memory DoS's (Redhat retraction) Wietse Venema (Jul 22)
- Alert: RDS IIS vulnerability/fix .rain.forest.puppy. (Jul 23)
- Re: Shared memory DoS's Dick St.Peters (Jul 15)
- Re: Shared memory DoS's Nicolas V. Chernyy (Jul 15)
- Re: Shared memory DoS's Mike Perry (Jul 17)
- Mail relay vulnerability in RedHat 5.0, 5.1, 5.2 David Luyer (Jul 16)
- Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2 Ollivier Robert (Jul 19)
- Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2 Matt Dunn (Jul 22)
- Re: Mail relay vulnerability in RedHat 5.0, 5.1, 5.2 Daniele Orlandi (Jul 24)
- Re: Shared memory DoS's Glynn Clements (Jul 16)
- Re: Shared memory DoS's Mike Perry (Jul 16)
- Re: Shared memory DoS's Howard Kaye (Jul 19)
- Samba 2.0.5 security fixes Andrew Tridgell (Jul 20)
- Re: Shared memory DoS's Richard Shetron (Jul 20)
- Delegate creates directories writable for anyone Olaf Seibert (Jul 21)
- Administrivia Aleph One (Jul 22)
- SNMP communities in 3Com HiPer Arcs (maybe other 3Com products?) Jeff Mcadams (Jul 20)
- Correction to Microsoft Security Bulletin MS99-025 aleph1 () UNDERGROUND ORG (Jul 20)