Date: Wed, 1 Sep 1999 16:46:08 -0400 (EDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Nick Hibma <hibma@skylink.it> Cc: FreeBSD -- The Power to Serve <geniusj@free-bsd.org>, Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.ORG Subject: Re: FW: Local DoS in FreeBSD Message-ID: <199909012046.QAA07324@khavrinen.lcs.mit.edu> In-Reply-To: <Pine.BSF.4.10.9909012215420.7489-100000@heidi.plazza.it> References: <Pine.BSF.4.10.9909011409520.19266-100000@free-bsd.org> <Pine.BSF.4.10.9909012215420.7489-100000@heidi.plazza.it>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Wed, 1 Sep 1999 22:19:40 +0200 (CEST), Nick Hibma <hibma@skylink.it> said: > One of the features I like about Unix is for example free space > available solely to the root user. It could be imagined that these > things also apply to file handles, memory/swap space and other scarce > resources. We have known for some time that the problem originally described exists, but developing an acceptable solution has been a challenge. Now that sockets carry around user credentials, it may perhaps not be as difficult as it used to be. What needs to be done is to impose a per-UID resource limit on the amount of socket buffer space available. What's not clear is: 1) At what level do you impose this limit? 2) Should the limit be statistical or exact? 3) What is a sensible default value? -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199909012046.QAA07324>