Bugtraq mailing list archives
Re: Linux kernels DoSable by file-max limit
From: Paul Starzetz <paul () starzetz de>
Date: Tue, 09 Jul 2002 11:38:56 +0200
Kurt Seifried wrote:
Yes, but maybe the point of my original posting was not completely clear to everybody. Just look at the [*] line in the original post. The problem is the policy to give out the reserved file descriptors. Limiting users is a well known issue (to mostly everybody here I think) but sometimes it is not applicable or even not enough to prevent this kind of DoS.Solution: no temporary solution yet, there should be a global per user file limit, the reserved file descriptors should be given out under another uid/euid policy. The NR_RESERVED_FILES limit seems to me to be really low.Huh. Simply limit users, PAM provides this capability, as do most shells. From: http://seifried.org/lasg/users/
regards, Paul Starzetz
Current thread:
- Linux kernels DoSable by file-max limit Paul Starzetz (Jul 08)
- Re: Linux kernels DoSable by file-max limit Kurt Seifried (Jul 08)
- Re: Linux kernels DoSable by file-max limit Aleksander Adamowski (Jul 09)
- Re: Linux kernels DoSable by file-max limit Paul Starzetz (Jul 09)
- Re: Linux kernels DoSable by file-max limit Michal Zalewski (Jul 09)
- Re: Linux kernels DoSable by file-max limit Jim Breton (Jul 10)
- Re: Linux kernels DoSable by file-max limit Andrea Arcangeli (Jul 10)
- <Possible follow-ups>
- Re: Linux kernels DoSable by file-max limit elv (Jul 10)
- Re: Linux kernels DoSable by file-max limit Kurt Seifried (Jul 08)