[14139] in bugtraq
Re: Disk (over)quota in Windows 2000
daemon@ATHENA.MIT.EDU (Joe Melhado)
Thu Mar 2 12:54:29 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id: <4.3.2.20000301230758.04817220@earth.execnet.com>
Date: Wed, 1 Mar 2000 23:18:15 -0500
Reply-To: subs@dynsol.com
From: Joe Melhado <subs@DYNSOL.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.10002292248490.30488-100000@crafter.house>
At 01:49 AM 3/1/00, Ian Turner wrote:
>Which is why effective quota security should enable inode limits as well
>as byte limits. If I can take up all the useable clusters with 0-byte
>files, that is just as bad as being able to take up the useable space
>with
>1-k files.
NT4 had no quotas so the complaints were few, although there was a call
for them.
Now MS put them in and we are assuming that their purpose is to prevent
DoS attacks.
I've worked with systems with disk quotas for more decades than I'd
like to admit and we never looked at them as a way to prevent malicious
people from filling up the disk. Their main purpose was historically to
prevent careless or greedy users from tying up space by forcing them to
maintain their on line storage.
Quotas worked well for this purpose. If this is the philosophy behind
the MS implementation, it will do its intended job just fine.
The fact that it could have solved another problem as well may make the
implementation fall short of our desires, but that doesn't make it
buggy (IMHO), just not what we, with 20-20 hindsight, would like to
see them have done.
Maybe they'll improve it if we ask nicely. There are lots of other
things that MS does that I'd like fixed that are higher on my priority
list.
Joe
------------------------------------
There is always an easy solution to every human problem
-- neat, plausible, and wrong. -H. L. Mencken
