Bugtraq mailing list archives
Re: ANNOUNCE: secure identd v0.3
From: wietse () PORCUPINE ORG (Wietse Venema)
Date: Wed, 16 Sep 1998 20:57:28 -0400
rlimits can be used as a safety net, but I prefer that the program itself remains in control of its resource usage. I just don't find it very elegant to crash and die on illegal input...

For example, when all data objects have limited size, and when the number of object instances is limited, so is the amount of memory required to hold those objects. This just changes some programs into special-purpose cache managers.

In the days of 16-bit and smaller computers, real programmers had to do real work to make their programs actually fit the machine. Perhaps I am just showing my age.

Wietse

Taral:
Actually, a secure box should run with RLIMIT_AS (Linux-ism?) set on all daemons... I started using it on apache httpd to prevent the header-spam DoS, but it seems like a good idea on all processes that shouldn't consume much memory.

Taral

-----Original Message-----
Suggested fix: read a fixed-size read buffer from the network. No reasonable ident query needs to be longer than a couple bytes for the two port numbers.

When used in the right place, fixed-size buffers are beneficial to security.

Wietse
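
An added example, not code from this thread or from the identd under discussion: one way to implement the fixed-size read suggested in the quoted fix, so that an over-long query is rejected instead of growing memory. The 64-byte cap, the function names and the sample query are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define IDENT_BUF 64  /* assumed cap; "65535 , 65535\r\n" is 15 bytes */

/* Read one line from fd into a fixed buffer. Returns the line length,
 * or -1 on EOF, error, or a line that does not fit. Never allocates. */
int read_query(int fd, char buf[IDENT_BUF])
{
    size_t used = 0;
    while (used < IDENT_BUF - 1) {
        ssize_t n = read(fd, buf + used, IDENT_BUF - 1 - used);
        if (n <= 0)
            return -1;              /* closed or failed before newline */
        used += (size_t)n;
        char *nl = memchr(buf, '\n', used);
        if (nl != NULL) {
            *nl = '\0';
            return (int)(nl - buf);
        }
    }
    return -1;                      /* buffer full: reject, do not grow */
}

/* Parse "<port> , <port>" with both ports in 1..65535. 0 on success. */
int parse_query(const char *line, unsigned *a, unsigned *b)
{
    unsigned long x, y;
    char extra;
    if (sscanf(line, " %5lu , %5lu %c", &x, &y, &extra) != 2)
        return -1;                  /* missing field or trailing junk */
    if (x < 1 || x > 65535 || y < 1 || y > 65535)
        return -1;
    *a = (unsigned)x; *b = (unsigned)y;
    return 0;
}

int main(void)
{
    int p[2];
    char buf[IDENT_BUF];
    unsigned a, b;
    const char q[] = "6193, 23\r\n";    /* constructed sample query */
    if (pipe(p) != 0 || write(p[1], q, sizeof q - 1) < 0 ||
        read_query(p[0], buf) < 0 || parse_query(buf, &a, &b) != 0)
        return 1;
    printf("ports %u and %u\n", a, b);
    return 0;
}
```

The memory used per query is bounded by `IDENT_BUF` regardless of what the peer sends, which is the property the reply argues for; an rlimit would then only act as the safety net.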