From djb-qmail-return-3287-dgaudet-list-qmail=arctic.org@koobera.math.uic.edu Thu Jun 12 07:02:28 1997
Return-Path: <djb-qmail-return-3287-dgaudet-list-qmail=arctic.org@koobera.math.uic.edu>
Delivered-To: dgaudet-list-qmail@arctic.org
Received: (qmail 27371 invoked from network); 12 Jun 1997 07:02:28 -0000
Received: from cruncher.math.uic.edu (131.193.178.241)
  by twinlark.arctic.org with SMTP; 12 Jun 1997 07:02:28 -0000
Received: (qmail 3568 invoked by uid 1001); 12 Jun 1997 06:55:07 -0000
Mailing-List: contact djb-qmail-help@koobera.math.uic.edu; run by ezmlm
Delivered-To: mailing list djb-qmail@koobera.math.uic.edu
Received: (qmail 3563 invoked from network); 12 Jun 1997 06:55:07 -0000
Received: from koobera.math.uic.edu (qmailr@131.193.178.247)
  by cruncher.math.uic.edu with SMTP; 12 Jun 1997 06:55:07 -0000
Received: (qmail 22145 invoked by uid 666); 12 Jun 1997 07:03:45 -0000
Delivered-To: djb-qmail@koobera.math.uic.edu
Received: (qmail 22140 invoked from network); 12 Jun 1997 07:03:44 -0000
Received: from twinlark.arctic.org (204.62.130.91)
  by koobera.math.uic.edu with SMTP; 12 Jun 1997 07:03:44 -0000
Received: (qmail 27288 invoked by uid 500); 12 Jun 1997 07:01:23 -0000
Date: Thu, 12 Jun 1997 00:01:23 -0700 (PDT)
From: Dean Gaudet <dgaudet-list-qmail@arctic.org>
To: djb-qmail@koobera.math.uic.edu
Subject: [PATCH] denial of service
Message-ID: <Pine.LNX.3.95dg3.970611234333.26139A-100000@twinlark.arctic.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: O
X-Status: 

I played with the idea I posted earlier.  qmail behaves quite responsibly
when it runs out of memory (as expected).  So limiting resources is a
quite reasonable solution to the problem.  I don't really have the time to
make a clean patch however.  Included at the bottom is a dirty rotten
patch that does the job. 

This survives Wietse Venema's qmail-dos-1.c and qmail-dos-2.c.  (Although
-1 needs a minor tweak to \0 terminate the buf array after the memset.)  I
ran qmail-smtpd under strace so that I could watch how it behaved when it
ran out of memory.  In both cases it calls _exit(), but in the -2 case it
actually responds with an "out of memory".  In -1 there is no such
response sent. 

Note that RLIMIT_AS is required on Linux 2.x because Linux won't respect
the RLIMIT_DATA or RLIMIT_RSS settings, a topic of recent discussion on
the Linux kernel mailing list.

Dean

--- qmail-smtpd.c.dist	Mon Apr 14 22:05:23 1997
+++ qmail-smtpd.c	Wed Jun 11 23:47:47 1997
@@ -20,6 +20,24 @@
 #include "now.h"
 #include "exit.h"
 
+#include <sys/resource.h>
+
+static void restrict_mem(void)
+{
+    struct rlimit r;
+
+    r.rlim_cur = r.rlim_max = 1024*1024;
+#ifdef RLIMIT_DATA
+    setrlimit(RLIMIT_DATA, &r);
+#endif
+#ifdef RLIMIT_RSS
+    setrlimit(RLIMIT_RSS, &r);
+#endif
+#ifdef RLIMIT_AS
+    setrlimit(RLIMIT_AS, &r);
+#endif
+}
+
 #define MAXHOPS 100
 int timeout = 1200;
 
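Review bot: the three setrlimit() calls in restrict_mem() discard their return values, so if a limit cannot be set the process carries on with no cap and no indication. Check each call and fail closed (exit before any client input is handled) when none of the limits took effect. The literal 1024*1024 would also be better as a named constant with a comment on how it was chosen, since under RLIMIT_AS it bounds the whole address space of the process, not only the heap.
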
@@ -422,6 +440,8 @@
 {
  static stralloc cmd = {0};
  int match;
+
+ restrict_mem();
 
  sig_alarmcatch(sigalrm);
  sig_pipeignore();
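
Review bot: the restrict_mem() call added at the top of this function has no comment saying why it comes first. A one-line comment that the cap has to be in place before any client input is read would keep a later edit from moving it below the setup code. Because restrict_mem() returns void, this caller also cannot tell whether any limit was actually applied; consider returning a status and exiting here on failure.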



