From owner-freebsd-net@FreeBSD.ORG  Mon Jul 17 18:24:31 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: net@freebsd.org
Delivered-To: freebsd-net@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4EF7616A4EB;
	Mon, 17 Jul 2006 18:24:31 +0000 (UTC)
	(envelope-from mi+mx@aldan.algebra.com)
Received: from aldan.algebra.com (aldan.algebra.com [216.254.65.224])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7598043D46;
	Mon, 17 Jul 2006 18:24:30 +0000 (GMT)
	(envelope-from mi+mx@aldan.algebra.com)
Received: from corbulon.video-collage.com
	(static-151-204-231-237.bos.east.verizon.net [151.204.231.237])
	by aldan.algebra.com (8.13.6/8.13.6) with ESMTP id k6HIONe9041492
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Mon, 17 Jul 2006 14:24:25 -0400 (EDT)
	(envelope-from mi+mx@aldan.algebra.com)
Received: from [172.21.130.86] (mx-broadway [38.98.68.18])
	by corbulon.video-collage.com (8.13.6/8.13.6) with ESMTP id
	k6HIOHI6020041
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Mon, 17 Jul 2006 14:24:17 -0400 (EDT)
	(envelope-from mi+mx@aldan.algebra.com)
From: Mikhail Teterin <mi+mx@aldan.algebra.com>
Organization: Virtual Estates, Inc.
To: "David J. Orman" <ormandj@corenode.com>
Date: Mon, 17 Jul 2006 14:24:11 -0400
User-Agent: KMail/1.9.1
References: <200607171306.01882.mi+mx@aldan.algebra.com>
	<200607171358.09943.mi+mx@aldan.algebra.com>
	<c88e9a881918.44bb45a9@corenode.com>
In-Reply-To: <c88e9a881918.44bb45a9@corenode.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="koi8-u"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Message-Id: <200607171424.11726.mi+mx@aldan.algebra.com>
X-Virus-Scanned: ClamAV 0.88/1600/Sat Jul 15 11:03:46 2006 on
	corbulon.video-collage.com
X-Virus-Status: Clean
X-Scanned-By: MIMEDefang 2.43
Cc: isp@freebsd.org, net@freebsd.org
Subject: Re: forcing FTP-uploaded files to be of certain types only
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jul 2006 18:24:31 -0000

понед╕лок 17 липень 2006 14:09, David J. Orman написав:
> That could lead to many DoS attacks, high load, etc - but as you said you
> trust the users, I suspect this is not an issue to you. I personally code
> with security in mind no matter the situation, but you decide what is best
> for you. :)

Well, it is not hard to compress 100K (that are still in RAM) on a modern CPU. 
And we can just as well try 8K. It is, probably, easier, than to, say, look 
up an article in a database -- something web-servers do many times per 
second :-) Our FTP uploads happen far less often -- only 10-20 times per 
day...

The probability of a DoS of the full filesystem is far more likely (actually 
happened a few times), than the DoS of overloading the CPU (and inetd takes 
care of not starting too many too often).

Thanks a lot for your recommendations!

	-mi