[26101] in bugtraq
Re: Linux kernels DoSable by file-max limit
daemon@ATHENA.MIT.EDU (Paul Starzetz)
Tue Jul 9 14:29:30 2002
Message-ID: <3D2AAF30.5040200@starzetz.de>
Date: Tue, 09 Jul 2002 11:38:56 +0200
From: Paul Starzetz <paul@starzetz.de>
To: Kurt Seifried <bugtraq@seifried.org>
Cc: bugtraq@securityfocus.com, vendor-sec <vendor-sec@lst.de>

Kurt Seifried wrote:
>>Solution: no temporary solution yet, there should be a global per user
>>file limit, the reserved file descriptors should be given out under
>>another uid/euid policy. The NR_RESERVED_FILES limit seems to me to be
>>really low.
>>
>>
>
>Huh. Simply limit users, PAM provides this capability, as do most shells.
>From: http://seifried.org/lasg/users/
>
>
Yes, but maybe the point of my original posting was not completely clear
to everybody. Just look at the [*] line in the original post. The
problem is the policy to give out the reserved file descriptors.
Limiting users is a well-known issue (to almost everybody here, I think)
but sometimes it is not applicable or even not enough to prevent this
kind of DoS.

regards,
Paul Starzetz