From: Svein Ove Aas <svein.ove@aas.no>
To: "Clayton Weaver" <cgweav@email.com>, linux-kernel@vger.kernel.org
Subject: Re: PTY DOS vulnerability?
Date: Wed, 9 Jul 2003 12:08:07 +0200
User-Agent: KMail/1.5.2
References: <20030708231157.7322.qmail@email.com>
In-Reply-To: <20030708231157.7322.qmail@email.com>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Description: clearsigned data
Content-Disposition: inline
Message-Id: <200307091208.08466.svein.ove@aas.no>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1385
Lines: 40

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

onsdag 9. juli 2003, 01:11, skrev Clayton Weaver:
> Seems to me that a pty ulimit and making
> sure that root can always access an unused
> pty on demand are separate issues.
>
> The ulimit is the same issue that it is for
> open files, disk quota, aggregate per-user
> memory utilization, etc, maintaining the
> "multi-user" aspect of system usability.
>
> Making sure that root has the tools to do
> what is needed in a pty resource exhaustion
> situation deserves perhaps a different
> mechanism, like dynamic, on-demand pty device
> creation for root (which seems to me more
> robust than a "reserved for root" mechanism,
> which allows the possibility that root
> processes have already used up that many
> ptys when root needs one in an emergency).

But if you're going to do that for root, then why not do it for all users?
That would avoid the problem altogether, after all...

- - Svein Ove Aas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/C+mH9OlFkai3rMARAvlIAKCuBSdCx31kgcMP8hFaEx3qkdWiZwCfUI0A
YSDkrEFpFnmIkzXUi1E7Tnw=
=Hmkz
-----END PGP SIGNATURE-----

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/