Bugtraq mailing list archives

Re: Shared memory DoS's (Redhat retraction)


From: jimd () STARSHINE ORG (Jim Dennis)
Date: Mon, 19 Jul 1999 04:03:29 -0700


I've been waiting all day for my post to be approved so I could
post a retraction for Redhat Linux and its derivatives. :)

It seems I forgot all about pam. Thanks to Mike Johnson of Redhat
for bringing pam_limits.so to my attention. Any distribution that
uses pam can set limits to prevent this.

However, other distributions like Slackware and the default debian
install still need some method to set the RLIMIT_AS limit. You
need to patch login.c and other methods of authentication (ssh &
rlogin, etc), or replace the appropriate functions in the lshell
distribution (ftp://metalab.unc.edu/pub/Linux/system/admin/login),
and wrap your shells accordingly. I still don't know what to do
about dgb in that case. The alternative is to patch all your
system shells and set the rlimits via the worldwide rc scripts.

        Actually any Linux using the Shadow password suite
        (from Julianne Haugh?) should be fine.  You should be
        able to create a file named /etc/login.defs and use
        that to set ULIMIT and other limitations (which
        that version of login should read).  You could
        easily run your version of login under strace
        to confirm that it does read the /etc/login.defs
        file.  Better distributions using this suite will
        also have a man page for it.  (the PAM suite is largely
        based on the Shadow suite so it seems to support
        /etc/login.defs by default).

--
Jim Dennis                                             jdennis () linuxcare com
Linuxcare: Linux Corporate Support Team:            http://www.linuxcare.com
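The mitigation the thread converges on (cap RLIMIT_AS in login, a shell wrapper or the rc scripts so a process cannot grow its address space without bound) as an added C example; this is not code from the post, from lshell or from the Shadow suite. The function names, the 128 MiB cap and the wrapper's shell path are assumptions chosen for illustration; the probe forks so the caller's own limits stay untouched.

```c
/* Added example: apply RLIMIT_AS before handing control to a user's shell,
   and check in a child process that allocations beyond the cap are refused. */
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Cap the address space of the calling process and everything it execs.
   Returns 0 on success, -1 with errno set on failure. */
int apply_as_limit(rlim_t bytes) {
    struct rlimit rl = { .rlim_cur = bytes, .rlim_max = bytes };
    return setrlimit(RLIMIT_AS, &rl);
}

/* Fork, apply `limit` in the child (RLIM_INFINITY means no cap), then try to
   allocate and touch `alloc` bytes. Returns 1 if the allocation succeeded,
   0 if it was refused, -1 on fork, wait or setrlimit failure. */
int alloc_under_as_limit(rlim_t limit, size_t alloc) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (limit != RLIM_INFINITY && apply_as_limit(limit) != 0) _exit(2);
        char *p = malloc(alloc);
        if (p == NULL) _exit(0);          /* mmap/brk refused: cap enforced */
        memset(p, 0xAA, alloc);           /* force the pages to be mapped */
        _exit(1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

/* Wrapper in the spirit of lshell (hypothetical, not its code): set the cap,
   then exec the real shell, which inherits the limit. Returns only on error. */
int wrapped_shell(const char *shell, rlim_t limit, char *const argv[]) {
    if (apply_as_limit(limit) != 0) return -1;
    execv(shell, argv);
    return -1;
}

int main(void) {
    /* 0 means the 512 MiB request was refused under a 128 MiB address-space cap */
    int capped = alloc_under_as_limit((rlim_t)128u << 20, (size_t)512u << 20);
    int uncapped = alloc_under_as_limit(RLIM_INFINITY, (size_t)1u << 20);
    return (capped == 0 && uncapped == 1) ? 0 : 1;
}
```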


