Date: Thu, 8 Jun 2000 17:36:14 -0400 (EDT)
From: Brian Fundakowski Feldman <green@FreeBSD.org>
To: stable@FreeBSD.org
Subject: "sbsize" path for testing!!
Message-ID: <Pine.BSF.4.21.0006081724240.16585-100000@green.dyndns.org>

Per request of users and the security officer, I've backported the changes from 4.0/5.0 which allow administrative control over the socket resources a user can allocate. I need testers to get this done before 3.5-RELEASE, as my crash-box is -CURRENT. I think I have caught all of the problematic parts of the code and merged things correctly, so I do not _expect_ anything to go wrong.

The big problem is that people are using the DoS (indeed, it has just been reposted on BugTraq for some unknown reason), and something must be done to prevent a user from crashing the system like that. Changing the limit is as easy as modifying /etc/login.conf, and a default value should be in place. I don't know what the default value should be, so I invite estimates on how much socket buffer space a user really needs.

The patch, which will necessitate both a make world and new kernel/modules build, is located at:

http://people.FreeBSD.org/~green/sbsize_etc.RELENG_3.patch

In addition to the sbsize change, there's a relatively minor change to struct socket which does break binary compatibility of kernel modules if they use that member (so_cred). Anything groveling in the kernel memory, like pidentd, would need to be recompiled/modified, but pidentd itself now uses the proper interface to get the data it needs.

So, anyone who can, test it out and report back. I need to get this done within the week or so :)

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message