Re: again security proposal

Rob Hagopian (hagopiar@vuser.vu.union.edu)
Wed, 31 Dec 1997 10:31:50 -0500 (EST)


So why is the SYN cookies synflood protection in the kernel then?
According to the config, it has "a small probability of introducing a non
timed-out failure to connect in the remote TCP." Sounds like a violation
of standards to me, so let's rip it out! (<-- sarcasm)

Besides:
- the noexec patch doesn't violate any UNIX standard
- the link patch violates a standard, but AFAIK, no one has actually found
a program that will break, and the one case that I have seen that will
break could be fixed easily with /proc tuning.

-Rob H.

On 30 Dec 1997, Vladimir Volovich wrote:

> "YK" == Yuri Kuzmenko writes:
>
> YK> I run chown fido.uucp -R /var/spool/ifmail
> YK> (+ chmod g+rw) every 10 minutes from cron. Yes, I know, that is
> YK> not a better solution.
>
> Please, do not violate UNIX standards! Change your scripts better!
> We do not need a "security" section in kernel which will be nothing more than
> violation of standards and bloating the kernel source. This thread is not really
> a kernel issue, and should be solved from user space!
>
> BTW, Happy New Year to all of you!
>
> Best regards, -- Vladimir.
> --
> I've got a very bad feeling about this.
> -- Han Solo
>