___________________________________________________________________
   
   [Prev][Next][Index][Thread]
   
                            [PATCH] denial of service
     ___________________________________________________________________
   
     * To: djb-qmail@koobera.math.uic.edu
     * Subject: [PATCH] denial of service
     * From: Dean Gaudet <dgaudet-list-qmail@arctic.org>
     * Date: Thu, 12 Jun 1997 00:01:23 -0700 (PDT)
     * Delivered-to: mailing list djb-qmail@koobera.math.uic.edu
     * Delivered-to: djb-qmail@koobera.math.uic.edu
     * Mailing-List: contact djb-qmail-help@koobera.math.uic.edu; run by
       ezmlm
     ___________________________________________________________________
   
I played with the idea I posted earlier.  qmail behaves quite responsibly
when it runs out of memory (as expected).  So limiting resources is a
quite reasonable solution to the problem.  I don't really have the time to
make a clean patch however.  Included at the bottom is a dirty rotten
patch that does the job.

This survives Wietse Venema's qmail-dos-1.c and qmail-dos-2.c.  (Although
-1 needs a minor tweak to \0 terminate the buf array after the memset.)  I
ran qmail-smtpd under strace so that I could watch how it behaved when it
ran out of memory.  In both cases it calls _exit(), but in the -2 case it
actually responds with an "out of memory".  In -1 there is no such
response sent.

Note that RLIMIT_AS is required on linux 2.x because linux won't respect
the RLIMIT_DATA or RLIMIT_RSS settings, a topic of recent discussion on
the linux kernel mailing list.

Dean

--- qmail-smtpd.c.dist  Mon Apr 14 22:05:23 1997
+++ qmail-smtpd.c       Wed Jun 11 23:47:47 1997
@@ -20,6 +20,24 @@
 #include "now.h"
 #include "exit.h"

+#include <sys/resource.h>
+
+static void restrict_mem(void)
+{
+    struct rlimit r;
+
+    r.rlim_cur = r.rlim_max = 1024*1024;
+#ifdef RLIMIT_DATA
+    setrlimit(RLIMIT_DATA, &r);
+#endif
+#ifdef RLIMIT_RSS
+    setrlimit(RLIMIT_RSS, &r);
+#endif
+#ifdef RLIMIT_AS
+    setrlimit(RLIMIT_AS, &r);
+#endif
+}
+
 #define MAXHOPS 100
 int timeout = 1200;

@@ -422,6 +440,8 @@
 {
  static stralloc cmd = {0};
  int match;
+
+ restrict_mem();

  sig_alarmcatch(sigalrm);
  sig_pipeignore();

     ___________________________________________________________________
   
   Follow-Ups:
     * Re: [PATCH] denial of service
          + From: Matt Ranney <mjr@ranney.com>
     ___________________________________________________________________
   
     * Prev: Re: Denial of service (qmail-smtpd)
     * Next: Re: relayclient and other things
     * Index(es):
          + Main
          + Thread