From owner-freebsd-current  Fri Feb 18 12:38:13 2000
Delivered-To: freebsd-current@freebsd.org
Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.133])
	by hub.freebsd.org (Postfix) with ESMTP
	id 41C4037BA51; Fri, 18 Feb 2000 12:36:48 -0800 (PST)
	(envelope-from mark@grondar.za)
Received: from grondar.za (localhost [127.0.0.1])
	by gratis.grondar.za (8.9.3/8.9.3) with ESMTP id WAA28827;
	Fri, 18 Feb 2000 22:35:38 +0200 (SAST)
	(envelope-from mark@grondar.za)
Message-Id: <200002182035.WAA28827@gratis.grondar.za>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: Lyndon Nerenberg <lyndon@orthanc.ab.ca>,
	Peter Wemm <peter@netplex.com.au>, current@FreeBSD.ORG,
	committers@FreeBSD.ORG
Subject: Re: Crypto progress! (And a Biiiig TODO list) 
References: <Pine.BSF.3.96.1000218115512.39111G-100000@fledge.watson.org> 
In-Reply-To: <Pine.BSF.3.96.1000218115512.39111G-100000@fledge.watson.org> ; from Robert Watson <robert@cyrus.watson.org>  "Fri, 18 Feb 2000 11:59:02 EST."
Date: Fri, 18 Feb 2000 22:35:38 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> 
> Another technique that could be used, and gets discussed occasionally on
> -security, is passing authentication information via ancillary data
> transfer on UNIX domain sockets.  You could limit the effectiveness of DOS
> attacks by rate limiting per-uid, for example.

Why is this being discussed as if it is new?

This is what my tool _does_, for crying out loud!!

> It should be noted that both the old and new schemes are subject to
> denial of service--the old due to locking, and the new due to socket/IPC
> limits, among other things.  I would argue, however, that the new
> mechanism reduces risk as it would allow us to remove the setuid bit from
> a number of binaries, instead relying on a single auditable code base in
> the password file manager.

Right!! Forward motion.

> If we plan to move to more daemons using IPC to communicate in this style,
> we might want to think about consistency guidelines for doing this.  For
> example, mandating an LPC structure of some sort, or managing parallelism
> on a single pipe, etc.  Also, documenting techniques that tend to reduce
> the risk of denial of service for daemons offering IPC services.  

Sure. Code/Documetation welcome.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message