> > second, just providing a user limit doesn't prevent a denial of
> > service.. Just have more connections than ptys and you are
> in the same
> > situation.
>
> Isn't this something a improved sshd could do? I.e. if the
> connection using up the last (or one of the last) pty's logs
> in as non-root - just kill it.
Why restricting this to SSH ? I mean, this can occur even if you
are not using SSH.
Some per-user limit seems to be good... but if we do that, what about
also limiting the number of TCP/UDP ports used on a per-user basis ?
In fact, all the resources that are available should be per-user limited
if you want to avoid a single one causing a complete DoS...
- CPU
- Memory
- Network
- Disk
- Pty
- ...
Paul
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/