From owner-freebsd-security  Fri Nov 22  4:40: 8 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2DE2837B401
	for <freebsd-security@freebsd.org>; Fri, 22 Nov 2002 04:40:07 -0800 (PST)
Received: from bas.flux.utah.edu (bas.flux.utah.edu [155.98.60.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9E50343E4A
	for <freebsd-security@freebsd.org>; Fri, 22 Nov 2002 04:40:06 -0800 (PST)
	(envelope-from danderse@flux.utah.edu)
Received: from bas.flux.utah.edu (localhost [127.0.0.1])
	by bas.flux.utah.edu (8.12.5/8.12.5) with ESMTP id gAMCe6As014017;
	Fri, 22 Nov 2002 05:40:06 -0700 (MST)
	(envelope-from danderse@bas.flux.utah.edu)
Received: (from danderse@localhost)
	by bas.flux.utah.edu (8.12.5/8.12.5/Submit) id gAMCe55q014016;
	Fri, 22 Nov 2002 05:40:05 -0700 (MST)
Date: Fri, 22 Nov 2002 05:40:05 -0700
From: "David G. Andersen" <danderse@cs.utah.edu>
To: Mike Silbersack <silby@silby.com>, freebsd-security@freebsd.org
Subject: Re: File table exhaustion patch
Message-ID: <20021122054005.A13937@cs.utah.edu>
References: <20021121105204.B75421@cs.utah.edu> <20021121152539.U44884-100000@patrocles.silby.com> <20021122080515.GQ36738@starjuice.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20021122080515.GQ36738@starjuice.net>; from sheldonh@starjuice.net on Fri, Nov 22, 2002 at 10:05:15AM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Sheldon Hearn just mooed:
> On (2002/11/21 15:29), Mike Silbersack wrote:
> 
> > HOWEVER, we're in a code freeze leading up to 5.0-release, and local DoSes
> > aren't a critical bug.
> 
> Is that the official FreeBSD SO team viewpoint on local DoS
> vulnerabilities?

  Well, keep in mind that this isn't really a bad one - it doesn't
crash the machine, and it's moderately easy to identify the (l)user who's
doing it.  I've actually not seen this happen maliciously, I've only
seen it happen by accident with buggy research code, some of it mine.
It's annoying when it happens, but there are a million things a local
user can do to be annoying.

  -Dave

-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/
      I do not accept unsolicited commercial email.  Do not spam me.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message