From owner-freebsd-security  Sun Sep  5  4:54:38 1999
Delivered-To: freebsd-security@freebsd.org
Received: from janus.syracuse.net (janus.syracuse.net [205.232.47.15])
	by hub.freebsd.org (Postfix) with ESMTP id E052C14DF7
	for <freebsd-security@FreeBSD.org>; Sun,  5 Sep 1999 04:54:31 -0700 (PDT)
	(envelope-from green@FreeBSD.org)
Received: from localhost (green@localhost)
	by janus.syracuse.net (8.9.3/8.8.7) with ESMTP id HAA87024;
	Sun, 5 Sep 1999 07:54:40 -0400 (EDT)
X-Authentication-Warning: janus.syracuse.net: green owned process doing -bs
Date: Sun, 5 Sep 1999 07:54:40 -0400 (EDT)
From: "Brian F. Feldman" <green@FreeBSD.org>
X-Sender: green@janus.syracuse.net
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: freebsd-security@FreeBSD.org
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To: <199909050312.XAA26309@khavrinen.lcs.mit.edu>
Message-ID: <Pine.BSF.4.10.9909050751280.86690-100000@janus.syracuse.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 4 Sep 1999, Garrett Wollman wrote:

> <<On Sat, 4 Sep 1999 20:05:27 -0400 (EDT), "Brian F. Feldman" <green@FreeBSD.org> said:
> 
> >> [I wrote:]
> >> What's not clear is:
> >> 
> >> 1) At what level do you impose this limit?
> 
> > Resource limit, definitely.
> 
> You totally missed the point.

Did you mean at socket creation time/sb allocation time, or actual
_usage_ when the mbufs are being taken up?

> 
> >> 2) Should the limit be statistical or exact?
> 
> > Well, I have it exact it would seem.
> 
> So you clearly haven't actually thought about what the right answer
> is.
> 
> >> 3) What is a sensible default value?
> 
> > Whatever's in login.conf?
> 
> Not at all helpful.

How about the size necessary for send + rcv space for a TCP socket *
number of maximum user processes?

> 
> > http://www.FreeBSD.org/~green/sbsize2.patch? The KASSERT() fails
> > in some cases, which I need help tracking down.
> 
> I think if you're not going to implement the Right Thing, there's no
> sense adding all that complexity -- just make a per-socket limit, and
> require the sysadmin to tune his kernel to match the resource limits
> established.

Err... But some users need lots of of file descriptors and/or processes.
That would still leave this hole open.

> 
> -GAWollman
> 
> --
> Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
> wollman@lcs.mit.edu  | O Siem / The fires of freedom 
> Opinions not those of| Dance in the burning flame
> MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick
> 

-- 
 Brian Fundakowski Feldman           /  "Any sufficiently advanced bug is    \
 green@FreeBSD.org                   |   indistinguishable from a feature."  |
     FreeBSD: The Power to Serve!    \        -- Rich Kulawiec               /



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message