Re: Fw: Local Denial-of-Service attack against Linux

• Previous message: Russell King: "2.3.99pre3: multiple IP packets sent with ID 0"
• In reply to: Alexei Kuznetsov: "Re: Fw: Local Denial-of-Service attack against Linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alexei Kuznetsov wrote:
>
> --- linux/net/unix/af_unix.c~ Tue Aug 10 03:05:10 1999
> +++ linux/net/unix/af_unix.c Sat Mar 25 22:31:47 2000
> @@ -969,6 +969,10 @@
> return -ENOTCONN;
> }
>
> + err = -EMSGSIZE;
> + if (len > sk->sndbuf)
> + goto out;
> +

Is that really a good idea?
* someone could set sndbuf > 131kB.
* what about the other protocols?

I thought about failing sock_alloc_send_skb() for skb data blocks > 131
kB.

Btw, is there a definition what wmem_max and sk->sndbuf should do?
The code is really weird:

* sk->sndbuf is initialized to wmem_default, but sock_setsockopt() sets
sk->sndbuf to 2*the user supplied number.

* the unix stream implementation writes blocks of at most sndbuf/2.
* unix_writable() divides sndbuf/4.
* sock_wmalloc() allows one allocation past sk->sndbuf.

--
	Manfred
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: John Alvord: "Re: s/390 architecture problems?"
• Previous message: Russell King: "2.3.99pre3: multiple IP packets sent with ID 0"
• In reply to: Alexei Kuznetsov: "Re: Fw: Local Denial-of-Service attack against Linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sat Mar 25 2000 - 10:50:01 EST