Actually, a secure box should run with RLIMIT_AS (Linux-ism?) set on all daemons... I started using it on apache httpd to prevent the header-spam DoS, but it seems like a good idea on all processes that shouldn't consume much memory. Taral > -----Original Message----- > Suggested fix: read a fixed-size read buffer from the network. No > reasonable ident query needs to be longer than a couple bytes for > the two port numbers. When used in the right place, fixed-size > buffers are beneficial to security. > > Wietse >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:16:32 PDT