Re: /proc filesystem allows bypassing directory permissions on Linux

2009-10-26 Thread Anton Ivanov
> > > > Not that I would have expected anything different considering who posted > > it in the first place. > > > Thus Debian kernel team should be blamed for that misbehaviour. Don't worry, > hardlinks behave just the same way, as you describe. Use authentic Linux > kernels, if you dislike that

Re: /proc filesystem allows bypassing directory permissions on Linux

2009-10-26 Thread Anton Ivanov
On Sat, 2009-10-24 at 21:39 +0400, Dan Yefimov wrote: > On 24.10.2009 20:59, Anton Ivanov wrote: > >> Not to tell about > >> that /proc//fd/ contains only symbolic links, not files, so I can't > >> understand, how the original reporter managed to g

Re: /proc filesystem allows bypassing directory permissions on Linux

2009-10-26 Thread Anton Ivanov
[snip] > If the application sets wrong permissions on files, it is by definition > broken. > Yes, setting more restrictive directory permissions can to some extent > mitigate > the problem, but not really fix it. What if that application is used by > multiple > users? There have been cases

Re: /proc filesystem allows bypassing directory permissions on Linux

2009-10-26 Thread Anton Ivanov
Following your logic we should all abandon directory permissions and stick to file-only ones. Hmm... Dunno, probably the blood level in my coffee subsystem is too high this morning, but I do not quite relish that idea. There is a very valid case of trying to restrict access via directory permissio

Re: recursive DNS servers DDoS as a growing DDoS problem

2006-04-09 Thread Anton Ivanov
Hi Ross, [snip] >acl "goodguys" { > (list of trusted peers who can request your zone files) > }; > > > >acl "locals" { >127.0.0.0/8; >(list of your subnets); > (list of TRUSTED hosts outside your network); > }; > >options { >allow-transfer { goodguy

Re: recursive DNS servers DDoS as a growing DDoS problem

2006-04-04 Thread Anton Ivanov
Geo. wrote: >>1. Resolvers and Authoritative nameservers must be separate and >>authoritative nameservers must have recursion turned off. Otherwise >>there is no way to throttle only recursive queries. >> >> > >Great, for small ISP's you just doubled the number of machines they need to >dedica

Re: recursive DNS servers DDoS as a growing DDoS problem

2006-04-04 Thread Anton Ivanov
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim wrote: >> All it takes is to throttle traffic from the resovers to outside >> the ISP network to a reasonably low value. Depending on the ISP >> this is usually in the low Kbits. All it takes is a moderate >> amount of competence in the ISP: > > >

Re: recursive DNS servers DDoS as a growing DDoS problem

2006-04-03 Thread Anton Ivanov
[snip] >> > > > I haven't heard anyone talk about requiring that users use their ISP's > DNS server. Just that they should not be able to use any random DNS > server on the internet. This is standard practice in Wireless and other ISPs which operate pay as you go service (hotels, conferences,

Re: recursive DNS servers DDoS as a growing DDoS problem

2006-03-27 Thread Anton Ivanov
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chris Thompson wrote: >Michael Sierchio <[EMAIL PROTECTED]> writes: > >>Robert Story wrote: >> >>>VG> In the scenario you describe, I cannot see any actual amplification... >>> >>>The amplification isn't in the number of hosts responding, but in packe