
Re: ra_svn DOS potential (was Re: svn commit: r9946 - trunk/subversion/libsvn_ra_svn)

From: Branko Čibej <brane_at_xbc.nu>
Date: 2004-06-14 02:16:48 CEST

Greg Hudson wrote:

>On Fri, 2004-06-11 at 06:40, Branko Čibej wrote:
>
>
>>This doesn't do much to avoid the DoS.
>>
>>
>
>It makes the network act as a throttle on resource usage by not
>allocating all the memory at once. But you're right; particularly in
>threaded mode (where you can't just set a resource limit), it's not a
>very comprehensive solution.
>
>
[...]

> * The client imposes no limit on communication from the server.
> * Before initial authentication, we impose a very small limit,
> on the order of 4-8K.
> * After authentication (even if it's anonymous), if the connection
> has read access, it gets a medium limit, on the order of 64K.
> * If a connection has write access, we impose no limit.
>
>
I think this is a reasonable approach. It will still allow an untrusted
server to crash a client (the program, not the machine, we can hope),
but I don't see that as a very big problem. I wonder if we can make
ra_dav safe in a similar way, or if we have to.

-- 
Brane Čibej   <brane_at_xbc.nu>   http://www.xbc.nu/brane/
Received on Mon Jun 14 02:17:21 2004
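
The tiered limits proposed in the quoted message, sketched as an added example that is not part of the original mail and is not Subversion's code. It assumes string items framed as a decimal length followed by `:`; the enum, the function names and the exact 8K/64K constants are hypothetical, chosen from the ranges quoted above.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical connection states, one per case in the proposal. */
enum conn_state { CONN_CLIENT_SIDE, CONN_PRE_AUTH, CONN_READ_ONLY, CONN_WRITE };

#define NO_LIMIT       SIZE_MAX
#define PRE_AUTH_LIMIT ((size_t)8 * 1024)   /* "on the order of 4-8K" */
#define READ_LIMIT     ((size_t)64 * 1024)  /* "on the order of 64K" */

/* Largest item the peer may announce in the given state. */
size_t item_limit(enum conn_state s)
{
    switch (s) {
    case CONN_PRE_AUTH:  return PRE_AUTH_LIMIT;
    case CONN_READ_ONLY: return READ_LIMIT;
    default:             return NO_LIMIT;  /* client side, or write access */
    }
}

/* Validate an announced length BEFORE any buffer is allocated for it.
 * buf holds the n bytes received so far.
 * Returns 0 (ok, *len_out set), 1 (need more bytes),
 * -1 (malformed prefix), -2 (over the limit or not representable). */
int check_length_prefix(const char *buf, size_t n,
                        enum conn_state s, size_t *len_out)
{
    size_t limit = item_limit(s), len = 0, i;

    for (i = 0; i < n; i++) {
        char c = buf[i];
        if (c == ':') {
            if (i == 0)
                return -1;              /* empty length field */
            *len_out = len;
            return 0;
        }
        if (c < '0' || c > '9')
            return -1;
        size_t d = (size_t)(c - '0');
        if (len > (SIZE_MAX - d) / 10)
            return -2;                  /* would overflow size_t */
        len = len * 10 + d;
        if (len > limit)
            return -2;                  /* reject as soon as it is too big */
    }
    return 1;                           /* no ':' yet, keep reading */
}
```
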

This is an archived mail posted to the Subversion Dev mailing list.
