From owner-freebsd-current Sat Apr 10 13:51:46 1999 Delivered-To: freebsd-current@freebsd.org Received: from bouvreuil.cybercable.fr (bouvreuil.cybercable.fr [212.198.3.12]) by hub.freebsd.org (Postfix) with SMTP id 5B3C815046 for ; Sat, 10 Apr 1999 13:51:07 -0700 (PDT) (envelope-from herbelot@cybercable.fr) Received: (qmail 6453 invoked from network); 10 Apr 1999 22:48:47 +0200 Received: from d225.paris-21.cybercable.fr (HELO cybercable.fr) (212.198.21.225) by bouvreuil.cybercable.fr with SMTP; 10 Apr 1999 20:48:47 -0000 Message-ID: <370FB930.6EE6A95C@cybercable.fr> Date: Sat, 10 Apr 1999 22:48:48 +0200 From: Thierry Herbelot Organization: Les barbus =?iso-8859-1?Q?associ=E9s?=, Paris, France X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.0-CURRENT i386) X-Accept-Language: en MIME-Version: 1.0 To: Matthew Dillon Cc: freebsd-current@FreeBSD.ORG Subject: Re: DoS from local users (fwd) References: <199904102030.NAA08796@rah.star-gate.com> <199904102037.NAA01262@apollo.backplane.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello, Let's remember a motto of J. Pournelle of the late Byte : one User, more than one CPU (let people hog their workstation as much as they want ...) And another good resolution : no shell accounts for normal users on sensitive servers (no lusers which could want to DoS the servers allowed) Every base covered ? Cheers TfH Matthew Dillon wrote: > > : > :It should be possible to prevent a user from hogging a system if the system's > :naive scheduler is improved. > : > : Amancio > > No, it isn't. For a very simple reason: The resources users need to do > real work are very similar to the resources users need to hog the system. > > Saying that the system should somehow be able to magically make the > distinction between the two is a pipedream. It takes a human to make > the distinction. > > Short of restricting the resources you give to users to the point where > they can't even start a mail or news client, there is just no way to > prevent said users from loading down the machine if they choose to. > > -Matt > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-current" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message