From: David G. Andersen (danderse_at_cs.utah.edu)
Date: Thu Nov 21 2002 - 11:52:04 CST

    In PR 45353, I've submitted a patch to reserve a handful of
    file table entries for root-only use, to mitigate the effects
    of user processes that leak file descriptors:

      http://www.freebsd.org/cgi/query-pr.cgi?pr=45353

    Even with per-process file descriptor limits, it's pretty
    easy for a buggy program that does any kind of forking to
    run the system out of file table entries (or for a malicious
    user to do so). The patch above is trivial, and at least
    enables root to log in and fix things up a bit. I've been
    running it locally for about a week, and it's happy.

    Is the form of the solution acceptable? (And if so, anyone
    interested in committing it to -current for a while? ;-)

      -Dave

    -- 
    work: dgalcs.mit.edu                          me:  dgapobox.com
          MIT Laboratory for Computer Science           http://www.angio.net/
          I do not accept unsolicited commercial email.  Do not spam me.
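
The exhaustion scenario and the root-only reserve described in the message, as a small user-space model added here for illustration; it is not the patch from PR 45353 and not FreeBSD kernel code. The table size, reserve size, per-process limit and all function names are assumptions chosen for the model.

```c
#include <stdio.h>

/* Constructed model values, not FreeBSD defaults. */
#define MAXFILES       64  /* system-wide file table size */
#define ROOT_RESERVE    8  /* entries held back for uid 0 (assumed size) */
#define PER_PROC_LIMIT 16  /* per-process descriptor limit */

static int nfiles;         /* file table entries in use, system-wide */

static void table_reset(void) { nfiles = 0; }

/* Admission check: non-root callers are refused once only the reserve remains. */
static int file_alloc(int uid, int reserve)
{
    int limit = (uid == 0) ? MAXFILES : MAXFILES - reserve;
    if (nfiles >= limit)
        return -1;         /* a real kernel would return ENFILE here */
    nfiles++;
    return 0;
}

/* A leaking program that forks: every process opens files up to its own
 * per-process limit and never closes them. Returns entries consumed. */
static int leak_with_forks(int uid, int nprocs, int reserve)
{
    int got = 0;
    for (int p = 0; p < nprocs; p++)
        for (int fd = 0; fd < PER_PROC_LIMIT; fd++)
            if (file_alloc(uid, reserve) == 0)
                got++;
    return got;
}

/* Returns 1 if root can still open `need` files after the leak, else 0. */
static int root_can_recover(int reserve, int need)
{
    table_reset();
    leak_with_forks(1001, 8, reserve);  /* 8 procs x 16 fds = 128 > 64 */
    for (int i = 0; i < need; i++)
        if (file_alloc(0, reserve) != 0)
            return 0;
    return 1;
}

int main(void)
{
    printf("no reserve: root recovers = %d\n", root_can_recover(0, 4));
    printf("reserve %d:  root recovers = %d\n", ROOT_RESERVE,
           root_can_recover(ROOT_RESERVE, 4));
    return 0;
}
```

The per-process limit is respected by every process in the model, yet the table still fills; only the reserve leaves room for uid 0 to open the files needed to log in and clean up.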