Message-ID: <67027.1248734813@turing-police.cc.vt.edu>
Date: Mon, 27 Jul 2009 18:46:53 -0400
From: Valdis.Kletnieks@...edu
To: Lasse Kärkkäinen <tronic+bpsk@....iki.fi>
Cc: linux-kernel@...r.kernel.org
Subject: Re: Securing a system with limits.conf
On Sun, 26 Jul 2009 07:10:41 +0300, Lasse Kärkkäinen said:
> - How should things be configured to reliably prevent non-privileged
> users from DoS'ing a machine.
This depends on your threat model. What are you trying to defend against:
1) Clued user doing something stupid on their laptop?
2) Unclued user doing the same?
3) Clued user who just got bitten by an exploit in Firefox?
4) Clued user doing something stupid on a large database/web server?
5) Malicious user on a multi-user timesharing system?
bash$ :(){ :|:&};:
Consider the above line of bash code, in each of the 5 scenarios. Same
attack, but the configuration settings you use to deal with it may be
vastly different.
Now repeat the analysis, but assume you have a determined attacker who has
acquired access to *3* different logins on the machine and can use them
simultaneously, in collusion. Now try to come up with a solution that
doesn't annoy the 3 users in question when they're legitimately logged on.
Bottom line: At best, you can make it more difficult for a local user to DoS
the box. You can't *prevent* it unless you're willing to impose a lot of
limits your users won't like.
And sometimes, the correct security tool is not a system tunable setting,
but a baseball bat.
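The collusion scenario in the message can be checked against a configuration. The following is an added example, not part of the original message: it parses limits.conf-style text and compares the summed hard nproc caps of the k most generous accounts with the kernel-wide thread ceiling (kernel.threads-max). The sample file, the user names, the function names and the threads_max value are all constructed assumptions, and @group and uid-range domains are deliberately skipped.

```python
# Constructed sample in /etc/security/limits.conf syntax:
#   <domain> <type> <item> <value>
SAMPLE_LIMITS = """\
# constructed example, not from the original message
*        hard  nproc  4096
alice    hard  nproc  12000
bob      -     nproc  12000
carol    soft  nproc  100
"""

UNLIMITED = {"unlimited", "infinity", "-1"}


def hard_nproc(conf_text, users):
    """Return the effective hard nproc cap for each user.

    Simplified model: an explicit user line beats the '*' default and a
    later line beats an earlier one; @group, %group and uid-range
    domains are skipped (assumption made for this example).
    """
    default, per_user = None, {}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 4 or fields[2] != "nproc":
            continue
        domain, ltype, _, value = fields
        if ltype not in ("hard", "-"):
            continue  # a soft limit can be raised by the user up to the hard one
        limit = float("inf") if value in UNLIMITED else int(value)
        if domain == "*":
            default = limit
        elif not domain.startswith(("@", "%")) and ":" not in domain:
            per_user[domain] = limit
    # No configured hard cap at all: treat as unbounded by limits.conf.
    fallback = default if default is not None else float("inf")
    return {u: per_user.get(u, fallback) for u in users}


def collusion_report(conf_text, users, threads_max, k=3):
    """Worst case when the k accounts with the largest caps act together."""
    limits = hard_nproc(conf_text, users)
    worst_case = sum(sorted(limits.values(), reverse=True)[:k])
    return {"limits": limits, "worst_case": worst_case,
            "exhausts_system": worst_case >= threads_max}


if __name__ == "__main__":
    accounts = ["alice", "bob", "carol", "dave"]
    for k in (1, 3):
        print(k, collusion_report(SAMPLE_LIMITS, accounts, threads_max=25000, k=k))
```

On a live system the threads_max argument would come from /proc/sys/kernel/threads-max; lowering per-user caps until the k=3 case passes is exactly the kind of limit that legitimate users may find annoying.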