Date: Sat, 4 Sep 1999 23:12:40 -0400 (EDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: "Brian F. Feldman" <green@FreeBSD.org> Cc: freebsd-security@FreeBSD.org Subject: Re: FW: Local DoS in FreeBSD Message-ID: <199909050312.XAA26309@khavrinen.lcs.mit.edu> In-Reply-To: <Pine.BSF.4.10.9909042003450.76486-100000@janus.syracuse.net> References: <199909012046.QAA07324@khavrinen.lcs.mit.edu> <Pine.BSF.4.10.9909042003450.76486-100000@janus.syracuse.net>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Sat, 4 Sep 1999 20:05:27 -0400 (EDT), "Brian F. Feldman" <green@FreeBSD.org> said: >> [I wrote:] >> What's not clear is: >> >> 1) At what level do you impose this limit? > Resource limit, definitely. You totally missed the point. >> 2) Should the limit be statistical or exact? > Well, I have it exact it would seem. So you clearly haven't actually thought about what the right answer is. >> 3) What is a sensible default value? > Whatever's in login.conf? Not at all helpful. > http://www.FreeBSD.org/~green/sbsize2.patch? The KASSERT() fails > in some cases, which I need help tracking down. I think if you're not going to implement the Right Thing, there's no sense adding all that complexity -- just make a per-socket limit, and require the sysadmin to tune his kernel to match the resource limits established. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909050312.XAA26309>