From owner-freebsd-security Sat Sep 4 20:13: 4 1999 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 2FBB11500A; Sat, 4 Sep 1999 20:12:57 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id XAA26309; Sat, 4 Sep 1999 23:12:40 -0400 (EDT) (envelope-from wollman) Date: Sat, 4 Sep 1999 23:12:40 -0400 (EDT) From: Garrett Wollman Message-Id: <199909050312.XAA26309@khavrinen.lcs.mit.edu> To: "Brian F. Feldman" Cc: freebsd-security@FreeBSD.org Subject: Re: FW: Local DoS in FreeBSD In-Reply-To: References: <199909012046.QAA07324@khavrinen.lcs.mit.edu> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: >> [I wrote:] >> What's not clear is: >> >> 1) At what level do you impose this limit? > Resource limit, definitely. You totally missed the point. >> 2) Should the limit be statistical or exact? > Well, I have it exact it would seem. So you clearly haven't actually thought about what the right answer is. >> 3) What is a sensible default value? > Whatever's in login.conf? Not at all helpful. > http://www.FreeBSD.org/~green/sbsize2.patch? The KASSERT() fails > in some cases, which I need help tracking down. I think if you're not going to implement the Right Thing, there's no sense adding all that complexity -- just make a per-socket limit, and require the sysadmin to tune his kernel to match the resource limits established. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message