|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Paul Starzetz (paul_at_starzetz.de)
Date: Tue Jul 09 2002 - 04:38:56 CDT
Kurt Seifried wrote:
>>Solution: no temporary solution yet, there should be a global per user
>>file limit, the reserved file descriptors should be given out under
>>another uid/euid policy. The NR_RESERVED_FILES limit seems to me to be
>>really low.
>>
>>
>
>Huh. Simply limit users, PAM provides this capability, as do most shells.
>From: http://seifried.org/lasg/users/
>
>
Yes, but maybe the point of my original posting was not completely clear
to everybody. Just look at the [*] line in the original post. The
problem is the policy to give out the reserved file descriptors.
Limiting users is a well known issue (to mostly everybody here I think)
but sometimes it is not applicable or even not enough to prevent this
kind of DoS.
regards,
Paul Starzetz
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]