bitmaps in srv_lsa_hnd.c

Tim Potter tpot at linuxcare.com.au
Mon Oct 9 03:36:56 GMT 2000


Gerald Carter writes:

> The only purpose of bmap that I see is to prevent us 
> from allocating more than MAX_OPEN_POLS at any given time 
> for an smbd.  If I were to guess, this to prevent a DoS 
> attack where a client exhausts the server by opening 
> LSA policy handles and never closing them?

You'll still get a DoS attack of sorts, as opening 64 handles
without closing them would prevent other people from opening more
handles for legitmate purposes.

A better idea would be to start discarding open handles on a LRU
basis so that a request for a new handle always succeeds.


Regards,

Tim.





More information about the samba-technical mailing list