2005-06-08
Mark Burnett beat me to it. I was planning to write an article on the relationship between good security and paranoia in the not-too-distant future. However, it appears that at least one other SecurityFocus columnist shares some of my theories on good security. Either that, or he's somehow capable of reading my mind. Paranoia is generally a good thing to have. Regardless, Mark's article got me wondering what other traits are valuable in the quest for good security.
A Role Model for Security. Almost.
2005-06-11
xeon (1 replies)

Resource limits were designed, fundamentally, to avoid allowing a single *local* user to utilize a disproportionate percentage of the system's resources. For all you know, qmail may be running in a dedicated configuration on a machine with 64GB of physical memory that has no problem allocating a few gigabytes to qmail's processing.
Most services implement their *OWN* resource limiting to prevent *remote* users from sucking up excessive amounts of resources, such that individual clients cannot monopolize server resources. Granted, there's no magic bullet solution to the DDoS problem, but simplistic resource exhaustion attacks are avoidable.
Qmail's failure to implement adequate resource limiting is one of the major reasons that it has had fewer vulnerabilities. It is simply a documented design shortcoming that qmail is vulnerable to resource exhaustion attacks. It's all a matter of defense-in-depth. If qmail didn't *rely* exclusively on system rlimits, it's possible that the exploit scenario would be even more contrived. As such, it's possible that, had Bernstein at least attempted to implement per-client rlimits at some level, we wouldn't even be having this discussion.
Link to this comment: http://www.securityfocus.com/comments/columns/331/32101#32101
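As an added example (not qmail's code and not part of xeon's comment above), here is a sketch in C of the application-level per-client limiting the comment contrasts with system rlimits: a connection count and a message byte budget tracked per peer address, so that one greedy remote peer is refused while other peers keep being served, alongside a read of the process-wide RLIMIT_AS that the kernel enforces and that says nothing about which client caused the pressure. The limiter API, the budgets and the 192.0.2.x peer addresses (RFC 5737 documentation range) are constructed for illustration.

```c
/* Added example (not qmail code): application-level per-client resource
 * accounting of the kind the comment above contrasts with system rlimits.
 * A server that relies only on setrlimit() lets any one remote client push
 * the whole process toward the cap; tracking per-client budgets lets the
 * server refuse the greedy client while continuing to serve the others. */
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

#define MAX_CLIENTS        8           /* constructed: peers tracked concurrently */
#define PER_CLIENT_BYTES   (64 * 1024) /* constructed: 64 KiB message budget per peer */
#define PER_CLIENT_CONNS   2           /* constructed: simultaneous connections per peer */

struct peer {
    char   addr[40];   /* peer address as text, e.g. "192.0.2.10" (RFC 5737 range) */
    int    conns;      /* open connections from this peer */
    size_t bytes;      /* bytes accepted from this peer on the current message */
};

struct limiter {
    struct peer peers[MAX_CLIENTS];
    int n;
};

static struct peer *find_peer(struct limiter *l, const char *addr) {
    for (int i = 0; i < l->n; i++)
        if (strcmp(l->peers[i].addr, addr) == 0)
            return &l->peers[i];
    return NULL;
}

/* Called on accept(). Returns 0 if the connection may proceed, -1 to refuse. */
int limiter_connect(struct limiter *l, const char *addr) {
    struct peer *p = find_peer(l, addr);
    if (p == NULL) {
        if (l->n == MAX_CLIENTS) return -1;       /* global peer table full */
        p = &l->peers[l->n++];
        snprintf(p->addr, sizeof p->addr, "%s", addr);
        p->conns = 0;
        p->bytes = 0;
    }
    if (p->conns >= PER_CLIENT_CONNS) return -1;  /* this peer already has its share */
    p->conns++;
    return 0;
}

/* Called for each chunk of message data. Returns 0 if the chunk fits in the
 * peer's budget, -1 if accepting it would exceed PER_CLIENT_BYTES (the caller
 * then drops that client, not the whole server). */
int limiter_consume(struct limiter *l, const char *addr, size_t nbytes) {
    struct peer *p = find_peer(l, addr);
    if (p == NULL) return -1;
    if (p->bytes + nbytes > PER_CLIENT_BYTES) return -1;
    p->bytes += nbytes;
    return 0;
}

/* Called on close(); frees the connection slot and resets the budget once the
 * peer has no connections left. */
void limiter_disconnect(struct limiter *l, const char *addr) {
    struct peer *p = find_peer(l, addr);
    if (p && p->conns > 0) p->conns--;
    if (p && p->conns == 0) p->bytes = 0;
}

/* The coarse, process-wide backstop the comment refers to: the kernel's
 * address-space rlimit. Returns the soft limit in bytes, -2 for "unlimited",
 * -1 on error. It cannot say which client drove the process toward it. */
long long process_address_space_limit(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_AS, &rl) != 0) return -1;
    return rl.rlim_cur == RLIM_INFINITY ? -2 : (long long)rl.rlim_cur;
}

/* Constructed scenario: one peer opens two connections (a third is refused)
 * and streams 16 KiB chunks until its budget is spent; a second peer is
 * unaffected. Returns how many chunks the greedy peer got through. */
int scenario_greedy_peer(int *third_conn_refused, int *other_peer_ok) {
    struct limiter l = {0};
    limiter_connect(&l, "192.0.2.10");
    limiter_connect(&l, "192.0.2.10");
    *third_conn_refused = (limiter_connect(&l, "192.0.2.10") == -1);
    int chunks = 0;
    while (limiter_consume(&l, "192.0.2.10", 16 * 1024) == 0) chunks++;
    *other_peer_ok = (limiter_connect(&l, "192.0.2.20") == 0 &&
                      limiter_consume(&l, "192.0.2.20", 1024) == 0);
    return chunks;
}

int main(void) {
    int refused, other_ok;
    int chunks = scenario_greedy_peer(&refused, &other_ok);
    printf("greedy peer accepted chunks: %d, third connection refused: %d, other peer served: %d\n",
           chunks, refused, other_ok);
    printf("process RLIMIT_AS (bytes, -2 = unlimited): %lld\n", process_address_space_limit());
    return 0;
}
```

The point of the per-peer table is the one xeon makes about defense-in-depth: the rlimit still exists as a last line, but a client that misbehaves hits its own budget long before the process approaches the kernel's cap, so the failure is an error to one peer rather than an outage for all of them.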