Re: DoS in Shells: was Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1
This is, to put it politely, incredibly old news. Let's face it, if you give
a user a shell acount, with no restrictions on CPU time or memory usage,
yes, they will be able to suck up as much resources as the computer can
spare (this is, among other reasons why "nice" exists). I advise you place
limitson the users, memory, cpu, stack size, file descriptors, etc, finding
"good" limits can be tricky though, and you will also want to limit
I wrote an article on using PAM (pluggable Authenticaiton Modules) which
covers these issues and a few others, available at:
Also you can view information on setting limits with various shells, and PAM
as well at:
goto "Limiting users overview".
And the LASG, "Limiting and monitoring users"
Better to use PAM to limit users then the shell because the various shells
do not all support the limiting the same items, or soft/hard limits, and if
you miss a shell and the user "chsh"'s they can avoid it, they can't really
avoid pam. As for the "/*/../........." problem in general it was
"discovered" many many years ago (more then two).
Kurt Seifried, firstname.lastname@example.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org