bitmaps in srv_lsa_hnd.c
Gerald Carter
gcarter at valinux.com
Mon Oct 9 03:41:22 GMT 2000
Tim Potter wrote:
>
> Gerald Carter writes:
>
> > The only purpose of bmap that I see is to prevent us
> > from allocating more than MAX_OPEN_POLS at any given time
> > for an smbd. If I were to guess, this to prevent a DoS
> > attack where a client exhausts the server by opening
> > LSA policy handles and never closing them?
>
> You'll still get a DoS attack of sorts, as opening 64 handles
> without closing them would prevent other people from opening more
> handles for legitmate purposes.
But only on a single smbd which is associated with
a single user/client. Opening a new policy handle involves
a malloc so if there was not an upper bound on this, you
could theoretically crater the server by causing an smbd
process to suck up all the available RAM.
> A better idea would be to start discarding open handles
> on a LRU basis so that a request for a new handle
> always succeeds.
Ummm....I'm not sure about this one. Do you feel
good about the side effects?
jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com VA Linux Systems gcarter at valinux.com
http://www.samba.org SAMBA Team jerry at samba.org
http://www.eng.auburn.edu/~cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-technical
mailing list