Date: Mon, 20 Sep 1999 15:26:17 -0400 (EDT) From: Bosko Milekic <bmilekic@dsuper.net> To: Kip Macy <kip@lyris.com> Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>, Joao Carlos <jcarlos@bahianet.com.br>, security@FreeBSD.ORG, hitech@bahianet.com.br Subject: Re: Out of mbuf clusters Message-ID: <Pine.OSF.4.05.9909201505560.14980-100000@oracle.dsuper.net> In-Reply-To: <Pine.SOL.4.05.9909201137450.25063-100000@luna>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 20 Sep 1999, Kip Macy wrote: !>Here is where your philosophy diverges from many others -- I and I believe !>many others think that a server operating system should at least be robust !>out of the box. Neither Linux nor Solaris is vulnerable to running out of !>mbufs as a result of malicious code. I don't think FreeBSD should be !>either. !> !>This is in no way a rant against FreeBSD, but rather a rant against the !>attitude that one needs to know about OS internals to run a lightweight !>server. If all of core insisted that Joe User had to know about internals !>to use FreeBSD as a server, FreeBSD would be little more than a hobbyist !>OS, rather than what it is -- the best OS currently available. !> !> -Kip !> First of all, you can't compare 'mbufs' with Linux. Second of all, there are advantages and disadvantages to every implementation. There are people presently working on changing the bahavior of certain shortage situations (like mbufs, for instance) but this work is dedicated to making the present implemention _better_, and not changing it entirely. Finally, although I don't officially represent the project, I seriously doubt that core (or anybody else that posted in response to the initial "problem") implied that "one needs to know about OS internals to run a lightweight server." The suggestion here seems to simply be that if you want to do _more_ than run a light-weight server and be able to protect yourself from _every_ type of idiotic DoS (or whatever), especially when being exposed to a multitude of possible DoS attacks (e.g. when running an IRC server), you have to know something more than just how to whine and complain about 'security.' I have a feeling that many people who want security-related issues fixed complain because they don't know what it involves -- and to know what it involves you have to know at least *something* about the way things work. Thus, my suggestion is to either help some of us better certain areas or take Dag-Erling's advice on running an IRC server whilst remaining protected (see previous posts) and save yourself the work. Also, I don't think that cross-posting to questions, stable, and security was necessary. --Bosko Milekic To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.OSF.4.05.9909201505560.14980-100000>