From owner-freebsd-security Wed Sep 1 13:48:43 1999 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 2611915529 for ; Wed, 1 Sep 1999 13:48:40 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id QAA07324; Wed, 1 Sep 1999 16:46:08 -0400 (EDT) (envelope-from wollman) Date: Wed, 1 Sep 1999 16:46:08 -0400 (EDT) From: Garrett Wollman Message-Id: <199909012046.QAA07324@khavrinen.lcs.mit.edu> To: Nick Hibma Cc: FreeBSD -- The Power to Serve , Mike Tancsa , freebsd-security@FreeBSD.ORG Subject: Re: FW: Local DoS in FreeBSD In-Reply-To: References: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > One of the features I like about Unix is for example free space > available solely to the root user. It could be imagined that these > things also apply to file handles, memory/swap space and other scarce > resources. We have known for some time that the problem originally described exists, but developing an acceptable solution has been a challenge. Now that sockets carry around user credentials, it may perhaps not be as difficult as it used to be. What needs to be done is to impose a per-UID resource limit on the amount of socket buffer space available. What's not clear is: 1) At what level do you impose this limit? 2) Should the limit be statistical or exact? 3) What is a sensible default value? -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message