Date: Sun, 3 May 1998 23:36:18 -0600 (MDT)
From: Marc Slemko
To: new-httpd@apache.org
Subject: Re: cvs commit: apache-1.3 STATUS
In-Reply-To: <19980504002229.18461@staff.texas.net>

On Mon, 4 May 1998, Michael Douglass wrote:

> > + * The DoS issue about symlinks to /dev/zero is still present.
> > + A device checker patch had been sent to the list a while ago.
> > + Msg-Id: ?
> > + Jim: Couldn't we just use stat() and check the file-type?
> > + stats are expensive though...
>
> I was just sitting here thinking of a way to handle this. Instead of
> trying to detect this information every time you transfer a file; how
> about proceeding with the transfer as you do now, but after X bytes
> being transferred stop and check the file. If it's a regular file
> keep going, otherwise end the current connection and log the item
> with red flags.

The thing is that this isn't just files sent to the client, but is any
files used for things like htpasswd, etc. that the user can control in
the htaccess file.

Generally, a DoS attack isn't very interesting if it just involves
sending x bytes to the client where x is large. It only grows
interesting when you can process x bytes without sending x bytes.

>
> Another interesting thought is to have this same logic add the filename
> to a list of 'bad' filenames to compare against before transferring. This
> would mean that you would transfer X bytes of the device file once per
> child; and then, from that point on, it would only log it in the errorlog.
> The denying access could be handled by a module; but the transfer of the
> file itself is in the core apache is it not?
>
> Hrmm... Anyone have any thoughts on a 'critical_log'? Seems that the
> 'error_log' can get full of useless information. Perhaps for 2.0?
>
> Enjoy,
>
> P.S. Anyone going to Networld+Interop in Vegas? I'd be more than
> interested in meeting some of you apache people.

We Apache people would be interested in meeting us Apache people too.

>
> --
> Michael Douglass
> Texas Networking, Inc.
>
> it's raining...it's pouring...the old man...
> *** Describe: msmith shuts up now.
>
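
Review bot: In the STATUS hunk quoted at the top of this message, the "Msg-Id: ?" line leaves the pointer to the device checker patch unresolved, so a reader of STATUS cannot locate the patch the entry says was sent to the list; fill in the message id or drop the line until it is known. The "stats are expensive though..." line under "Jim:" also carries no name, so it is unclear whether it is Jim's own caveat or someone else's response; attributing it would keep the entry usable as a record of the discussion.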
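
Added example, not part of the original message and not Apache code: one way to do the file-type check discussed in this thread for a user-controlled path (such as a password file named in .htaccess), using fstat() on the already-open descriptor rather than a separate stat() of the path. The helper name open_regular_file and the EINVAL error code are assumptions made for the illustration.

```c
/* Added example, not Apache source: reject non-regular files before reading
 * a path the user controls (e.g. a password file named in .htaccess). */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper. Returns a read-only descriptor for a regular file,
 * or -1 with errno set. Symlinks are followed, so a link to /dev/zero is
 * judged by its target. */
int open_regular_file(const char *path)
{
    struct stat st;
    int fd, saved;

    /* O_NONBLOCK keeps open() from hanging on a FIFO or a tty. */
    fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;

    /* fstat() the descriptor instead of stat()ing the path: no second
     * path lookup, and the object checked is the object that gets read. */
    if (fstat(fd, &st) != 0) {
        saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;   /* device, FIFO, directory, socket ... */
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/zero";
    int fd = open_regular_file(path);

    printf("%s: %s\n", path, fd >= 0 ? "regular file, ok to read" : "refused");
    if (fd >= 0)
        close(fd);
    return 0;
}
```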