Re: PTY DOS vulnerability?

Jesse Pollard (jesse@cats-chateau.net)
Tue, 1 Jul 2003 07:15:30 -0500

On Monday 30 June 2003 16:36, Alan Cox wrote:
> On Llu, 2003-06-30 at 22:31, Fredrik Tolf wrote:
> > That is true, though, of course. Stupid me not to think about
> > that. However, that means that an administrator who could find
> > himself being under such an attack might not think about it
> > either. Also, from the outside, the ssh client just does
> > nothing, making it look as if the server is unresponsive. Of
> > course, the exact error is logged to the server's syslog, but if
> > you can't view it, then you won't know about it.
> >
> > So all in all, do you think I should implement a per-user
> > resource limit on PTYs?
>
> There are a whole collection of things that would benefit from that kind
> of management - go for it but make it possible to add other stuff too

In thinking about that...

I would suggest a "resource allocation daemon", where resource is defined
to be non-kernel objects - devices mostly... ptys /dev/tape unmounted disks
removable media, specific files (not sure how to explain this one though, but
controlling access to specified fifo's, memory mapped files? how about
printer queues...)

Anything that gets defined as a system wide resource that users may access,
but exist as external (to the kernel) objects. It would need some kind of
kernel interface, but the access control would be defined outside the kernel.

The most the kernel would need is a "resource controlled by" and "resource
allocated to" identification so that the appropriate daemon could be invoked
(I do see a possibility for multiple resource allocation daemons).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/