[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] FTPD DoS
- Subject: Re: [cobalt-security] FTPD DoS
- From: John Bailey <support@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 17 Mar 2001 18:17:22 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Well, hopefully your users wouldn't crash the RaQ on purpose. There's
> millions of ways to crash Linux at any rate, mostly due to lack of
> process restrictions in the Linux kernel.
PAM can used to implement process number (and other) limits in the Linux
Kernel. Take a look at
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam-6.html#ss6.12
for more details. This can certainly be used to prevent fork-bombs and
the like.
> All reproducable via PHP/Perl etc...
PHP does have some facilities to prevent users doing nasty things. Take a
look at the 'disable_function', 'max_execution_time' and 'memory_limit'
configuration directives for good examples.
Regards,
John