Date: Sat, 4 Sep 1999 20:05:27 -0400 (EDT) From: "Brian F. Feldman" <green@FreeBSD.org> To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> Cc: Nick Hibma <hibma@skylink.it>, FreeBSD -- The Power to Serve <geniusj@free-bsd.org>, Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.org Subject: Re: FW: Local DoS in FreeBSD Message-ID: <Pine.BSF.4.10.9909042003450.76486-100000@janus.syracuse.net> In-Reply-To: <199909012046.QAA07324@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 1 Sep 1999, Garrett Wollman wrote: > <<On Wed, 1 Sep 1999 22:19:40 +0200 (CEST), Nick Hibma <hibma@skylink.it> said: > > > One of the features I like about Unix is for example free space > > available solely to the root user. It could be imagined that these > > things also apply to file handles, memory/swap space and other scarce > > resources. > > We have known for some time that the problem originally described > exists, but developing an acceptable solution has been a challenge. > Now that sockets carry around user credentials, it may perhaps not be > as difficult as it used to be. > > What needs to be done is to impose a per-UID resource limit on the > amount of socket buffer space available. That's what peter and I came up with at least :) > > What's not clear is: > > 1) At what level do you impose this limit? Resource limit, definitely. > > 2) Should the limit be statistical or exact? Well, I have it exact it would seem. > > 3) What is a sensible default value? Whatever's in login.conf? :) Would you mind helping me out with http://www.FreeBSD.org/~green/sbsize2.patch? The KASSERT() fails in some cases, which I need help tracking down. > > -GAWollman > > -- > Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same > wollman@lcs.mit.edu | O Siem / The fires of freedom > Opinions not those of| Dance in the burning flame > MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- Brian Fundakowski Feldman / "Any sufficiently advanced bug is \ green@FreeBSD.org | indistinguishable from a feature." | FreeBSD: The Power to Serve! \ -- Rich Kulawiec / To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9909042003450.76486-100000>