Re: WU-FTPD 2.6.2 Freezer

[Luca Berra <bluca () comedia it>]

On Fri, Oct 31, 2003 at 11:40:44AM -0800, Seth Arnold wrote:
> On Fri, Oct 31, 2003 at 02:55:43PM -0000, Angelo Rosiello wrote:
> >         for( i=0; i<loop; i++ )
> >         {
> >                 write( sd, "LIST -w 1000000 -C\n", 19 );
> >         }
>
> It is probably worth pointing out that it is FSF ls(1) at fault here;
> wu-ftpd just provides a convenient way for potentially unauthenticated
> users to DoS the machine. If your OS supports rlimits (ulimit(3)), I
> believe they will provide reliable protection against this problem.

it might be also worth noting that wu-ftpd can be rebuilt with internal
ls code.

regards,
L.

--
Luca Berra -- bluca () comedia it
       Communication Media & Services S.r.l.
/"\
\ /     ASCII RIBBON CAMPAIGN
 X        AGAINST HTML MAIL
/ \