Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 4 Sep 1999 20:05:27 -0400 (EDT)
From:      "Brian F. Feldman" <green@FreeBSD.org>
To:        Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc:        Nick Hibma <hibma@skylink.it>, FreeBSD -- The Power to Serve <geniusj@free-bsd.org>, Mike Tancsa <mike@sentex.net>, freebsd-security@FreeBSD.org
Subject:   Re: FW: Local DoS in FreeBSD
Message-ID:  <Pine.BSF.4.10.9909042003450.76486-100000@janus.syracuse.net>
In-Reply-To: <199909012046.QAA07324@khavrinen.lcs.mit.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 1 Sep 1999, Garrett Wollman wrote:

> <<On Wed, 1 Sep 1999 22:19:40 +0200 (CEST), Nick Hibma <hibma@skylink.it> said:
> 
> > One of the features I like about Unix is for example free space
> > available solely to the root user. It could be imagined that these
> > things also apply to file handles, memory/swap space and other scarce
> > resources.
> 
> We have known for some time that the problem originally described
> exists, but developing an acceptable solution has been a challenge.
> Now that sockets carry around user credentials, it may perhaps not be
> as difficult as it used to be.
> 
> What needs to be done is to impose a per-UID resource limit on the
> amount of socket buffer space available.

That's what peter and I came up with at least :)

> 
> What's not clear is:
> 
> 	1) At what level do you impose this limit?

Resource limit, definitely.

> 
> 	2) Should the limit be statistical or exact?

Well, I have it exact it would seem.

> 
> 	3) What is a sensible default value?

Whatever's in login.conf? :) Would you mind helping me out with
http://www.FreeBSD.org/~green/sbsize2.patch? The KASSERT() fails
in some cases, which I need help tracking down.

> 
> -GAWollman
> 
> --
> Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
> wollman@lcs.mit.edu  | O Siem / The fires of freedom 
> Opinions not those of| Dance in the burning flame
> MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

-- 
 Brian Fundakowski Feldman           /  "Any sufficiently advanced bug is    \
 green@FreeBSD.org                   |   indistinguishable from a feature."  |
     FreeBSD: The Power to Serve!    \        -- Rich Kulawiec               /



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9909042003450.76486-100000>