[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Sendmail - (was: SHP flaw)

Subject: Re: [cobalt-security] Sendmail - (was: SHP flaw)
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Date: Mon, 19 Aug 2002 07:45:33 +0200
Organization: SOLARSPEED.NET
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> I kind of disagree, if someone generated that max. load, then other
> users would be denied access.
>
> While it isn't a huge thing, it can be abused to prevent traffic.

Correct. In admin training we once brought an Sun E10000 (pretty big iron) to 
its knees because those lines are by default commented out in Solaris' 
Sendmail configuration. 

I'd say that a load average of 15 and 20 respectively is enough to justify 
some proactive if not drastic actions. With Sendmail continuing to  send 
emails you'll otherwise risk that the entire server goes down, which will 
also have impact on all users. 

A temporary mailserver outage is certainly more acceptable than a crash of the 
whole box, but the choice is of course yours.

Let's focuss a little more on security while we're talking about Sendmail.

There are two other quite important switches in the sendmail.cf:

# maximum number of children we allow at one time
O MaxDaemonChildren=15

# maximum number of new connections per second
O ConnectionRateThrottle=3

The actual values in your config files might be different. 

The MaxDaemonChildren is pretty important, too, as it defines how many 
children processes Sendmail is allowed to fork. With that value as shown 
above up to 15 emails will be processed simulteanously. Doesn't sound like 
much, but for a RaQ3 that's already pretty close to meltdown if the webserver 
is pretty active and you have little memory to go around.

Comment that value out and you open yourself up for a DOS attack which will 
bring the server down to it's knees. Less than five lines of shell script 
will do the job - either locally or remotely.

If you have all four values set properly, then the DOS attack will only 
increase the servers load average up to the point where Sendmail shuts down. 
Without these measures in place Linux runs either out of file descriptors, 
out of memory or the load average will go straight through the roof.

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer

Follow-Ups:
- Re: [cobalt-security] Sendmail - (was: SHP flaw)
  - From: Kameel
- Re: [cobalt-security] Sendmail - (was: SHP flaw)
  - From: Paul Jacobs

References:
- RE: [cobalt-security] Security Hardening Update 2.0.1 MAJOR FLAW!!!!!! ACTION REQUIRED!
  - From: Jamie - i-Dot
- Re: [cobalt-security] Sendmail - (was: SHP flaw)
  - From: Michael Stauber
- Re: [cobalt-security] Sendmail - (was: SHP flaw)
  - From: myuu

Prev by Date: Re: [cobalt-security] Sendmail - (was: SHP flaw)
Next by Date: Re: [cobalt-security] Sendmail - (was: SHP flaw)
Previous by thread: Re: [cobalt-security] Sendmail - (was: SHP flaw)
Next by thread: Re: [cobalt-security] Sendmail - (was: SHP flaw)

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index