[cap-talk] Re: "capabilities" as data vs. as descriptors
- OS security discussion, restricted access processes, etc.
Valerio Bellizzomi
devbox at selnet.org
Mon May 10 20:05:16 EDT 2004
On 10/05/2004, at 15.45, Ben Laurie wrote:
>Valerio Bellizzomi wrote:
(snip)
>> Are you saying that QoS works conversely by guaranteeing a minimum
>> bandwidth ?
>
>Yes, that is one of the things it can guarantee.
>
>> It should still mitigate total denial of service when there is a
>bandwidth
>> shared between N services.
>
>QoS should not allow you to reserve bandwidth that is not available.
Probably you just found a possible solution!
Is it possibly a question of precedence?
If critical services of a host are started first (those about one cares and
that are built from inspected code) , they can reserve bandwidth.
The remaining bandwidth can go to crappy programs :)
Of course this makes much more sense when we talk about a server.
Val
More information about the cap-talk
mailing list