Wouldn't it be sufficient to just limit query limit on LOOKUP to say 30 tries/minute?
The way inetd / xinetd has implemented...

Michal Bukovjan

Borsenkow Andrej wrote:

>With recent devfs(s) problems I begin to ask myself, if secure kernel
>may be allowed to have devfs.
>
>Note that devfs(d) opens up DoS possibility that is near to impossible
>to close. Because devfsd calls modprobe on any LOOKUP any
>*non-privileged* user can possibly hit system with as simple as
>
>while true; do
>ls /dev/foo
>done
>
>Of course we could have devfs with devfsd but it looks rather silly (and
>is not supported by current initscripts anyway).
>
>So I vote for removing devfs support from kernel-secure.
>
>Comments?
>
>-andrej
>
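
The limit proposed in the reply, as an added example that is not part of the original message or of devfsd: a fixed-window counter that lets at most 30 LOOKUP events per 60 seconds reach modprobe. The struct and function names are hypothetical, and counting "30 tries/minute" in a fixed 60-second window is an assumption.

```c
/* Added example; all names are hypothetical, not devfsd's own API. */
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

#define LOOKUP_LIMIT   30   /* tries allowed per window (figure from the reply) */
#define LOOKUP_WINDOW  60   /* window length in seconds (assumed) */

struct lookup_limiter {
    time_t   window_start;  /* start of the current window */
    unsigned used;          /* modprobe calls granted in this window */
    unsigned dropped;       /* LOOKUPs refused in this window, for logging */
};

/* Return true if a LOOKUP arriving at `now` may trigger modprobe. */
bool lookup_allowed(struct lookup_limiter *l, time_t now)
{
    /* New window, or clock stepped backwards: start counting afresh. */
    if (now < l->window_start || now - l->window_start >= LOOKUP_WINDOW) {
        l->window_start = now;
        l->used = 0;
        l->dropped = 0;
    }
    if (l->used < LOOKUP_LIMIT) {
        l->used++;
        return true;
    }
    l->dropped++;           /* over budget: skip modprobe, keep a count */
    return false;
}

/* Feed `n` LOOKUPs at time `now`; return how many were allowed. */
unsigned simulate_burst(struct lookup_limiter *l, time_t now, unsigned n)
{
    unsigned granted = 0;
    for (unsigned i = 0; i < n; i++)
        if (lookup_allowed(l, now))
            granted++;
    return granted;
}

int main(void)
{
    struct lookup_limiter l = {0};
    printf("t=0   granted %u of 1000\n", simulate_burst(&l, 1000, 1000));
    printf("t=59  granted %u of 1000\n", simulate_burst(&l, 1059, 1000));
    printf("t=60  granted %u of 1000\n", simulate_burst(&l, 1060, 1000));
    return 0;
}
```

A single global budget bounds the number of modprobe calls, but a looping user can still use it up, so legitimate lookups are refused until the window rolls over.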
