Date: Fri, 16 Aug 2002 12:30:03 -0700 (PDT)
From: John Polstra <jdp@polstra.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: kern/41552: TCP timers' sysctl's overflow
Message-ID: <200208161930.g7GJU3fw055807@freefall.freebsd.org>

The following reply was made to PR kern/41552; it has been noted by GNATS.

From: John Polstra <jdp@polstra.com>
To: serkoon@thedarkside.nl
Cc: bug-followup@freebsd.org
Subject: Re: kern/41552: TCP timers' sysctl's overflow
Date: Fri, 16 Aug 2002 12:21:58 -0700 (PDT)

In article <200208152100.g7FL04jL011288@freefall.freebsd.org>,
serkoon <serkoon@thedarkside.nl> wrote:
> >Note, I don't think the fix referenced in this PR should be merged
> >into the security branches anyway, since it is not security related.
>
> Imo a bug which makes a host vulnerable to a DoS-attack by using up
> all available sockets/filedescriptors -is- a security-bug. I guess you'll
> agree on that.

Yes, but this one only happens when you use a rather unusual kernel
configuration. You could set NMBCLUSTERS to 5, and that would open
up a DoS attack too. But I don't think FreeBSD's urgent-security-fixes
branch should address either of those potential problems.

> Then, why don't you feel that way in this particular occasion? Is it that
> there just aren't many people around with HZ set at 1000 or up, so this
> bug, although it may be a security-bug, isn't that important because
> there are many higher prioritized things to fix?

It's not a matter of priorities. It's just that the purpose of the
security branches is to achieve maximum stability by including only
the most essential security-related fixes. The more stuff you put
into those branches, the less stable they will become. We have seen
that in real life in the -stable branches, and in fact that is the
reason the security branches were created in the first place.

In this case I believe you should either maintain the patch locally
until 4.7 comes out (October 1), or else follow the -stable branch
rather than the security branch.

John