Date: Mon, 20 Sep 1999 12:30:38 -0700 (PDT) From: Kip Macy <kip@lyris.com> To: Bosko Milekic <bmilekic@dsuper.net> Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>, Joao Carlos <jcarlos@bahianet.com.br>, security@FreeBSD.ORG, hitech@bahianet.com.br Subject: Re: Out of mbuf clusters Message-ID: <Pine.SOL.4.05.9909201229400.25063-100000@luna> In-Reply-To: <Pine.OSF.4.05.9909201505560.14980-100000@oracle.dsuper.net>
index | next in thread | previous in thread | raw e-mail
On Mon, 20 Sep 1999, Bosko Milekic wrote: > > > On Mon, 20 Sep 1999, Kip Macy wrote: > !>Here is where your philosophy diverges from many others -- I and I believe > !>many others think that a server operating system should at least be robust > !>out of the box. Neither Linux nor Solaris is vulnerable to running out of > !>mbufs as a result of malicious code. I don't think FreeBSD should be > !>either. > !> > !>This is in no way a rant against FreeBSD, but rather a rant against the > !>attitude that one needs to know about OS internals to run a lightweight > !>server. If all of core insisted that Joe User had to know about internals > !>to use FreeBSD as a server, FreeBSD would be little more than a hobbyist > !>OS, rather than what it is -- the best OS currently available. > !> > !> -Kip > !> > > First of all, you can't compare 'mbufs' with Linux. > > Second of all, there are advantages and disadvantages to every > implementation. There are people presently working on changing the > bahavior of certain shortage situations (like mbufs, for instance) but > this work is dedicated to making the present implemention _better_, and > not changing it entirely. > > Finally, although I don't officially represent the project, I > seriously doubt that core (or anybody else that posted in response to the > initial "problem") implied that "one needs to know about OS internals to > run a lightweight server." The suggestion here seems to simply be that if > you want to do _more_ than run a light-weight server and be able to > protect yourself from _every_ type of idiotic DoS (or whatever), > especially when being exposed to a multitude of possible DoS attacks (e.g. > when running an IRC server), you have to know something more than just how > to whine and complain about 'security.' I have a feeling that many people > who want security-related issues fixed complain because they don't know > what it involves -- and to know what it involves you have to know at least > *something* about the way things work. Thus, my suggestion is to either > help some of us better certain areas or take Dag-Erling's advice on > running an IRC server whilst remaining protected (see previous posts) and > save yourself the work. I stand corrected. > > Also, I don't think that cross-posting to questions, stable, and > security was necessary. > It was not, it just happened to be in the original cc-list. > > --Bosko Milekic > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the messagehelp
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.4.05.9909201229400.25063-100000>