On 05/ 6/10 12:42 AM, Garrett D'Amore wrote:

1) Can an ill-behaved application cause bad things to happen to the TCP
stack by setting RTO or abort timers too high? I'm specifically thinking
that by setting these timers to a large value, it might be possible
to cause out of control consumption of resources or exhaustion of TCP
port numbers....


The result is that TCP keeps on retransmitting and won't time
out for the "long" (TCP_ABORT_THRESHOLD option value) period
of time.  But an app can do effectively the same thing without
using the option by opening up another socket.


2) Perhaps setting some of these values should require a privilege?


I guess unless the system security or policy is affected, the
use of a privilege may not be appropriate.  IMHO, both are not
affected.  And from the point of view of resource consumption,
an app can use effectively the same amount of resource without
the help of the options, new and old (*).

If folks are not comfortable with the current ranges of those
existing TCP private parameters (the option value ranges are
the same), I can certainly change them.


3) Ultimately, have the implications of these changes been reviewed from
a security standpoint?


I guess the implications are obvious.  If folks on the list
see a problem, please raise it.


(*) Note that TCP_CONN_ABORT_THRESHOLD and TCP_ABORT_THRESHOLD
    have been in Solaris for a long time.  I just checked the
    history, they were added in 1992.  Although they were not
    documented by us, these two options are known in other
    network stacks.  Given their history and the fact that we
    have not received (AFAIK) any complaints, it is safe to assume
    that documenting them will not introduce new issues.


--

                                        K. Poon.
                                        [email protected]
_______________________________________________
opensolaris-arc mailing list
[email protected]
