From owner-freebsd-security Mon Sep 20 12:31:32 1999
Delivered-To: freebsd-security@freebsd.org
Received: from luna.lyris.net (luna.shelby.com [207.90.155.6])
    by hub.freebsd.org (Postfix) with ESMTP id D9B4915595
    for ; Mon, 20 Sep 1999 12:31:29 -0700 (PDT)
    (envelope-from kip@lyris.com)
Received: from luna.shelby.com by luna.lyris.net (8.9.1b+Sun/SMI-SVR4)
    id MAA03613; Mon, 20 Sep 1999 12:30:38 -0700 (PDT)
Received: from (luna.shelby.com [207.90.155.6]) by luna.shelby.com with SMTP (MailShield v1.50); Mon, 20 Sep 1999 12:30:38 -0700
Date: Mon, 20 Sep 1999 12:30:38 -0700 (PDT)
From: Kip Macy
X-Sender: kip@luna
To: Bosko Milekic
Cc: Dag-Erling Smorgrav , Joao Carlos , security@FreeBSD.ORG, hitech@bahianet.com.br
Subject: Re: Out of mbuf clusters
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-SMTP-HELO: luna
X-SMTP-MAIL-FROM: kip@lyris.com
X-SMTP-RCPT-TO: bmilekic@dsuper.net,des@flood.ping.uio.no,jcarlos@bahianet.com.br,security@FreeBSD.ORG,hitech@bahianet.com.br
X-SMTP-PEER-INFO: luna.shelby.com [207.90.155.6]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 20 Sep 1999, Bosko Milekic wrote:

>
>
> On Mon, 20 Sep 1999, Kip Macy wrote:
> !>Here is where your philosophy diverges from many others -- I and I believe
> !>many others think that a server operating system should at least be robust
> !>out of the box. Neither Linux nor Solaris is vulnerable to running out of
> !>mbufs as a result of malicious code. I don't think FreeBSD should be
> !>either.
> !>
> !>This is in no way a rant against FreeBSD, but rather a rant against the
> !>attitude that one needs to know about OS internals to run a lightweight
> !>server. If all of core insisted that Joe User had to know about internals
> !>to use FreeBSD as a server, FreeBSD would be little more than a hobbyist
> !>OS, rather than what it is -- the best OS currently available.
> !>
> !> -Kip
> !>
>
> First of all, you can't compare 'mbufs' with Linux.
>
> Second of all, there are advantages and disadvantages to every
> implementation. There are people presently working on changing the
> behavior of certain shortage situations (like mbufs, for instance) but
> this work is dedicated to making the present implementation _better_, and
> not changing it entirely.
>
> Finally, although I don't officially represent the project, I
> seriously doubt that core (or anybody else that posted in response to the
> initial "problem") implied that "one needs to know about OS internals to
> run a lightweight server." The suggestion here seems to simply be that if
> you want to do _more_ than run a light-weight server and be able to
> protect yourself from _every_ type of idiotic DoS (or whatever),
> especially when being exposed to a multitude of possible DoS attacks (e.g.
> when running an IRC server), you have to know something more than just how
> to whine and complain about 'security.' I have a feeling that many people
> who want security-related issues fixed complain because they don't know
> what it involves -- and to know what it involves you have to know at least
> *something* about the way things work. Thus, my suggestion is to either
> help some of us better certain areas or take Dag-Erling's advice on
> running an IRC server whilst remaining protected (see previous posts) and
> save yourself the work.

I stand corrected.

>
> Also, I don't think that cross-posting to questions, stable, and
> security was necessary.
>

It was not, it just happened to be in the original cc-list.

>
> --Bosko Milekic
>