Re: ANNOUNCE: secure identd v0.3

From: Taral (taralat_private)
Date: Wed Sep 16 1998 - 16:22:37 PDT

Next message: Martin Mares: "Re: Dump a mode --x--x--x binary on Linux 2.0.x"

Previous message: Wietse Venema: "Re: ANNOUNCE: secure identd v0.3"
Maybe in reply to: Paul Boehm: "ANNOUNCE: secure identd v0.3"
Next in thread: Kragen: "Re: ANNOUNCE: secure identd v0.3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Actually, a secure box should run with RLIMIT_AS (Linux-ism?) set on all
daemons... I started using it on apache httpd to prevent the header-spam
DoS, but it seems like a good idea on all processes that shouldn't consume
much memory.

Taral

> -----Original Message-----
> Suggested fix: read a fixed-size read buffer from the network.  No
> reasonable ident query needs to be longer than a couple bytes for
> the two port numbers. When used in the right place, fixed-size
> buffers are beneficial to security.
>
>         Wietse
>

Next message: Martin Mares: "Re: Dump a mode --x--x--x binary on Linux 2.0.x"
Previous message: Wietse Venema: "Re: ANNOUNCE: secure identd v0.3"
Maybe in reply to: Paul Boehm: "ANNOUNCE: secure identd v0.3"
Next in thread: Kragen: "Re: ANNOUNCE: secure identd v0.3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:16:32 PDT