Date: Sun, 5 Sep 1999 07:54:40 -0400 (EDT) From: "Brian F. Feldman" <green@FreeBSD.org> To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> Cc: freebsd-security@FreeBSD.org Subject: Re: FW: Local DoS in FreeBSD Message-ID: <Pine.BSF.4.10.9909050751280.86690-100000@janus.syracuse.net> In-Reply-To: <199909050312.XAA26309@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 4 Sep 1999, Garrett Wollman wrote: > <<On Sat, 4 Sep 1999 20:05:27 -0400 (EDT), "Brian F. Feldman" <green@FreeBSD.org> said: > > >> [I wrote:] > >> What's not clear is: > >> > >> 1) At what level do you impose this limit? > > > Resource limit, definitely. > > You totally missed the point. Did you mean at socket creation time/sb allocation time, or actual _usage_ when the mbufs are being taken up? > > >> 2) Should the limit be statistical or exact? > > > Well, I have it exact it would seem. > > So you clearly haven't actually thought about what the right answer > is. > > >> 3) What is a sensible default value? > > > Whatever's in login.conf? > > Not at all helpful. How about the size necessary for send + rcv space for a TCP socket * number of maximum user processes? > > > http://www.FreeBSD.org/~green/sbsize2.patch? The KASSERT() fails > > in some cases, which I need help tracking down. > > I think if you're not going to implement the Right Thing, there's no > sense adding all that complexity -- just make a per-socket limit, and > require the sysadmin to tune his kernel to match the resource limits > established. Err... But some users need lots of of file descriptors and/or processes. That would still leave this hole open. > > -GAWollman > > -- > Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same > wollman@lcs.mit.edu | O Siem / The fires of freedom > Opinions not those of| Dance in the burning flame > MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick > -- Brian Fundakowski Feldman / "Any sufficiently advanced bug is \ green@FreeBSD.org | indistinguishable from a feature." | FreeBSD: The Power to Serve! \ -- Rich Kulawiec / To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9909050751280.86690-100000>