standalone-nnrpd "dies" when hitting ressource limits
davidsen at tmr.com
Wed Jul 12 14:17:45 UTC 2000
On 11 Jul 2000, Russ Allbery wrote:
> Sven Paulus <sven at tin.org> writes:
> > Another idea: Why are we running nnrpd as user "news"? The only cause I
> > can think of is to spool articles which couldn't be transmitted to
> > innd. If we add (optionally) another user we could seperate DoS problems
> > like the one mentioned (some users opening some hundred connections to
> > nnrpd).
> That's not at all a bad idea. And if the other user were in group news,
> it could still have access to the local posting socket and the like, and
> one could even just make /news/incoming group-writeable (which I don't
> believe opens any additional security problems).
What does this buy us? I can identify nnrpd from innd without having a
new userid to manage, and if you get hundreds of connections I fail to see
why they would hurt less from another user.
If you don't want innd and nnrpd to interract you run nnrpd as a daemon
and put innd incoming on port 433, possibly on another NIC entirely.
I may be having a stupid attack, but I fail to see any advantage to
running nnrpd as another user, and for those who do run nnrpd from innd,
as I suspect many small sites do, you then are likely to open more holes
doing the setuid() right than you ever close by having another user.
Note: the new Linux kernel (iptables stack) allows control over packet
rate from a given IP, so I can limit socket opening rates if I want.
bill davidsen <davidsen at tmr.com>
CTO, TMR Associates, Inc
Doing interesting things with little computers since 1979.
More information about the inn-workers