Re: PTY DOS vulnerability?

From: Paul Rolland (
Date: Wed Jul 02 2003 - 01:42:18 EST


> > second, just providing a user limit doesn't prevent a denial of
> > service.. Just have more connections than ptys and you are
> in the same
> > situation.
> Isn't this something a improved sshd could do? I.e. if the
> connection using up the last (or one of the last) pty's logs
> in as non-root - just kill it.

Why restricting this to SSH ? I mean, this can occur even if you
are not using SSH.

Some per-user limit seems to be good... but if we do that, what about
also limiting the number of TCP/UDP ports used on a per-user basis ?

In fact, all the resources that are available should be per-user limited
if you want to avoid a single one causing a complete DoS...
 - CPU
 - Memory
 - Network
 - Disk
 - Pty
 - ...


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Mon Jul 07 2003 - 22:00:15 EST