Subject: Re: Melting down your network
To: Jonathan Stone <jonathan@dsg.stanford.edu>
From: Emmanuel Dreyfus <manu@netbsd.org>
List: tech-kern
Date: 03/29/2005 08:30:26
Jonathan Stone <jonathan@dsg.stanford.edu> wrote:
> >The quote was useless, as I did read the standard before opening the PR.
> It was not useless; it was entirely on-point. If you read that page,
> but didn't understand it, then what does that say? That you don't
> possess a suitable technical background to read the SuSv3 spec as it
> regards a networking primitive? Is that _really_ your response?
I said I misinterpreted it. That ENOBUFS returned for blocking I/O
sounded weird to me. It also did to several developers that initially
contributed to the thread, so I wouldn't say it's such a stupid mistake.
I can admit I have been wrong, but that does not deserve the rude
treatment you are giving me. Especially since I already told you I would
not insist.
> But (and here's the rub): once you released your application to the
> world, the onus is on *you* to ensure that it's not ill-designed and
> dangerous.
It's not really more a DOS tool than ping -f or nc -u: misusing it makes
it a DOS tool.
> I tell you that three times. In all earnest and sincerity. If you
> don't, you will one day get much harsher responses, from _far_ more
> unpleasant sources.
None of us is a lawyer, but it has been known for a long time that the
software author and redistributor are not accountable for how a third
party misuses the program. To make that clear, it's even written in all
licenses and I don't know of a case where this was invalidated.
> 1. Cease and withdraw complaints that NetBSD has a bug, simply
> because NetBSD is (quite properly and by design, like all
> other *BSD code), dropping packets under congestion;
I already do so, so please drop the gun.
> 2. You *make* your app a private application, by removing your
> badly-designed and potentially dangerous app from pkgsrc,
> to prevent any innocent parties from inadvertently using it.
> It should not be made available in pkgsrc until it does implement
> appropriate behaviour under congestion.
Go ahead and remove it, I don't care that much, it's not worth the
fight. While you are there, think about removing all the applications
that could be used as a DOS tool by mistake.
--
Emmanuel Dreyfus
Le cahier de l'admin BSD, 2nd ed., is in all good bookstores
http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php
manu@netbsd.org