Re: Linux kernels DoSable by file-max limit

From: Paul Starzetz (paulat_private)
Date: Tue Jul 09 2002 - 02:38:56 PDT

Next message: Michal Zalewski: "Re: Linux kernels DoSable by file-max limit"

Previous message: Matthew Murphy: "ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)"
In reply to: Kurt Seifried: "Re: Linux kernels DoSable by file-max limit"
Next in thread: Michal Zalewski: "Re: Linux kernels DoSable by file-max limit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Kurt Seifried wrote:

>>Solution: no temporary solution yet, there should be a global per user
>>file limit, the reserved file descriptors should be given out under
>>another uid/euid policy. The NR_RESERVED_FILES limit seems to me to be
>>really low.
>>    
>>
>
>Huh. Simply limit users, PAM provides this capability, as do most shells.
>From: http://seifried.org/lasg/users/
>  
>
Yes, but maybe the point of my original posting was not completely clear 
to everybody. Just look at the [*] line in the original post. The 
problem is the policy to give out the reserved file descriptors. 
Limiting users is a well known issue (to mostly everybody here I think) 
but sometimes it is not applicable or even not enough to prevent this 
kind of DoS.

regards,

Paul Starzetz

Next message: Michal Zalewski: "Re: Linux kernels DoSable by file-max limit"
Previous message: Matthew Murphy: "ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow)"
In reply to: Kurt Seifried: "Re: Linux kernels DoSable by file-max limit"
Next in thread: Michal Zalewski: "Re: Linux kernels DoSable by file-max limit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 09 2002 - 11:29:06 PDT