[cap-talk] Re: "capabilities" as data vs. as descriptors
- OS security discussion, restricted access processes, etc.
Valerio Bellizzomi
devbox at selnet.org
Tue May 11 20:10:29 EDT 2004
On 11/05/2004, at 12.06, Ben Laurie wrote:
>Valerio Bellizzomi wrote:
>
>> On 10/05/2004, at 15.45, Ben Laurie wrote:
>>
>>
>>>Valerio Bellizzomi wrote:
>>
>>
>> (snip)
>>
>>
>>>>Are you saying that QoS works conversely by guaranteeing a minimum
>>>>bandwidth ?
>>>
>>>Yes, that is one of the things it can guarantee.
>>>
>>>
>>>>It should still mitigate total denial of service when there is a
>>>
>>>bandwidth
>>>
>>>>shared between N services.
>>>
>>>QoS should not allow you to reserve bandwidth that is not available.
>>
>>
>> Probably you just found a possible solution!
>>
>> Is it possibly a question of precedence?
>> If critical services of a host are started first (those about one cares
>and
>> that are built from inspected code) , they can reserve bandwidth.
>> The remaining bandwidth can go to crappy programs :)
>> Of course this makes much more sense when we talk about a server.
>
>This is all old hat when it comes to QoS. The interesting part is
>managing QoS in core networks, but that's not really relevant to this
>list, IMO.
Okay, it was relevant to the talk about denial of service and
countermeasures. But might become more relevant if QoS will be implemented
for EROS.
Val
More information about the cap-talk
mailing list