lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <2BC3E288-D370-4738-B90A-A47F30CB6536@mac.com>
Date:	Sun, 2 Sep 2007 04:52:21 -0400
From:	Kyle Moffett <mrmacman_g4@....com>
To:	Chris Snook <csnook@...hat.com>
Cc:	Anand Jahagirdar <anandjigar@...il.com>,
	Simon Arlott <simon@...e.lp0.eu>,
	Krzysztof Halasa <khc@...waw.pl>, linux-kernel@...r.kernel.org
Subject: Re: Fork Bombing Patch

On Aug 29, 2007, at 09:49:01, Chris Snook wrote:
>> Like this there are many cases..(actually these cases has already  
>> been discussed On LKML 2 months before in my thread named "fork  
>> bombing
>> attack").  in all these cases this printk helps adminstrator a lot.
>
> What exactly does this patch help the administrator do?  If a box  
> is thrashing, you still have sysrq.  You can also use cpusets and  
> taskset to put your root login session on a dedicated processor,  
> which is getting to be pretty cheap on modern many-core, many- 
> thread systems.  Group scheduling is in the oven, which will allow  
> you to prioritize classes of users in a more general manner, even  
> on UP systems.

I've also set up systems where there is a carefully rate-limited  
SCHED_RR 98 ssh process (NIC interrupt thread is SCHED_RR 99) behind  
an additional set of rate-limiting rules in IPtables.  Basically, no  
matter what somebody is doing to the workstation, even if I let them  
create as many processes as they want or get the box completely into  
a swap storm, I can "ssh -p 222 root@...e.box".  Once it connects I  
type in two passwords through a custom PAM plugin and then have my  
login script touch /etc/nologin and send SIGSTOP to every

The resource consumption issue is immediately over and I can go about  
kicking the user and filling out all the icky paperwork.

Cheers,
Kyle Moffett



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ