Date: Mon, 20 Sep 1999 15:26:17 -0400 (EDT)
From: Bosko Milekic
To: Kip Macy
Cc: Dag-Erling Smorgrav, Joao Carlos, security@FreeBSD.ORG, hitech@bahianet.com.br
Subject: Re: Out of mbuf clusters

On Mon, 20 Sep 1999, Kip Macy wrote:

!>Here is where your philosophy diverges from many others -- I and I believe
!>many others think that a server operating system should at least be robust
!>out of the box. Neither Linux nor Solaris is vulnerable to running out of
!>mbufs as a result of malicious code. I don't think FreeBSD should be
!>either.
!>
!>This is in no way a rant against FreeBSD, but rather a rant against the
!>attitude that one needs to know about OS internals to run a lightweight
!>server. If all of core insisted that Joe User had to know about internals
!>to use FreeBSD as a server, FreeBSD would be little more than a hobbyist
!>OS, rather than what it is -- the best OS currently available.
!>
!> -Kip
!>

First of all, you can't compare 'mbufs' with Linux. Second of all, there
are advantages and disadvantages to every implementation. There are people
presently working on changing the behavior of certain shortage situations
(like mbufs, for instance) but this work is dedicated to making the present
implementation _better_, and not changing it entirely.

Finally, although I don't officially represent the project, I seriously
doubt that core (or anybody else that posted in response to the initial
"problem") implied that "one needs to know about OS internals to run a
lightweight server." The suggestion here seems to simply be that if you
want to do _more_ than run a light-weight server and be able to protect
yourself from _every_ type of idiotic DoS (or whatever), especially when
being exposed to a multitude of possible DoS attacks (e.g. when running an
IRC server), you have to know something more than just how to whine and
complain about 'security.'

I have a feeling that many people who want security-related issues fixed
complain because they don't know what it involves -- and to know what it
involves you have to know at least *something* about the way things work.
Thus, my suggestion is to either help some of us better certain areas or
take Dag-Erling's advice on running an IRC server whilst remaining
protected (see previous posts) and save yourself the work.

Also, I don't think that cross-posting to questions, stable, and security
was necessary.

--Bosko Milekic