Subject: Re: inetd limits
To: None <tech-net@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 12/01/2001 18:18:27
> How about adding a concurrency limit in inetd so that only a
> specified number of simultaneous invocations of each service may be
> started?

Seems to be to me _asking_ for a DoS attack (though I suppose such
attacks are possible anyway).

Nothing wrong with making the capability available, though.

> And ofcourse change the wait/nowait[:max] parameter in inetd.conf to
> wait/nowait[:max-rate][:max-child].

This is ambiguous; I'd recommend wait/nowait[:[max-rate][:max-child]],
or perhaps wait/nowait[:[var=value[,var=value[,var=value...]]]] with
bare :number supported for compatability; the :number:number is not
very extensible.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B