Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262318AbTGANXi (ORCPT ); Tue, 1 Jul 2003 09:23:38 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262328AbTGANXi (ORCPT ); Tue, 1 Jul 2003 09:23:38 -0400 Received: from kinesis.swishmail.com ([209.10.110.86]:525 "HELO kinesis.swishmail.com") by vger.kernel.org with SMTP id S262318AbTGANXh (ORCPT ); Tue, 1 Jul 2003 09:23:37 -0400 Message-ID: <3F018F7A.3050301@techsource.com> Date: Tue, 01 Jul 2003 09:41:14 -0400 From: Timothy Miller User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Alan Cox CC: Fredrik Tolf , Linux Kernel Mailing List Subject: Re: PTY DOS vulnerability? References: <200306301613.11711.fredrik@dolda2000.cjb.net> <1056995729.17590.19.camel@dhcp22.swansea.linux.org.uk> <200306302331.38071.fredrik@dolda2000.cjb.net> <1057008994.17589.40.camel@dhcp22.swansea.linux.org.uk> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1316 Lines: 34 How about giving each user his own set of virtual ptys? Alan Cox wrote: > On Llu, 2003-06-30 at 22:31, Fredrik Tolf wrote: > >>That is true, though, of course. Stupid me not to think about >>that. However, that means that an administrator who could find >>himself being under such an attack might not think about it >>either. Also, from the outside, the ssh client just does >>nothing, making it look as if the server is unresponsive. Of >>course, the exact error is logged to the server's syslog, but if >>you can't view it, then you won't know about it. >> >>So all in all, do you think I should implement a per-user >>resource limit on PTYs? > > > There are a whole collection of things that would benefit from that kind > of management - go for it but make it possible to add other stuff too > > - > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > > - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/