[OLPC Security] Securing the laptop: DoS

John Moser john.r.moser at gmail.com
Sun Oct 8 12:23:42 EDT 2006


Ivan Krstić wrote:
> John Moser wrote:
>> ^^^ This is probably the easiest to handle.  Just buffer and delay
>> writes for a good 30-45 seconds, merging the changes in memory and then
>> snapshotting and writing back to disk.  
> 
> The way I'm hoping to mitigate the NAND burn problem is by a combination
> of rate limiting and hard write quotas.

Both of which can lead to DoS, but that's a lot better than dead
hardware for sure.  This is the same philosophy used in PaX, ProPolice,
Exec Shield, grsecurity's brute force deterrent, pH, and a load of other
things that turn compromises into DoS.

> 
> Simson Garfinkel:
>> Hell, use a PNG so that the system can't tell the difference.
> 
> I think John was confused since pseudo-random number generators are
> almost universally abbreviated as PRNGs, with PNG sometimes standing for
> pseudo-random noise generators.
> 

That and PRNG data isn't helpful in this case; the system doesn't go
"Hey this is a worm attack, I'm not flushing this crap to disk!"
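
The trade-off discussed in this thread (writes buffered and merged in memory, then a rate limit and a hard write quota that deny writes rather than burn NAND), sketched as an added example that is not part of the original message or of any OLPC code. The class and function names, the 1024 bytes/second rate, the 50,000-byte quota and the file paths are assumptions chosen for illustration.

```python
class WriteGovernor:
    """Merge writes in memory, then flush under a rate limit and a hard quota."""

    def __init__(self, flush_interval=30, rate=1024, quota=50_000):
        self.flush_interval = flush_interval  # seconds; the thread suggests 30-45
        self.rate = rate                      # bytes/second allowed to flash (assumed)
        self.quota_left = quota               # lifetime byte budget (assumed)
        self.pending = {}                     # path -> newest data only
        self.last_flush, self.flash_bytes = 0, 0  # flash_bytes: bytes that reached NAND

    def write(self, path, data, now):
        """Buffer a write; a later write to the same path replaces the earlier one."""
        self.pending[path] = data
        due = now - self.last_flush >= self.flush_interval
        return self.flush(now) if due else []

    def flush(self, now):
        """Write back what rate limit and quota allow; return the refused paths."""
        budget = min(self.rate * (now - self.last_flush), self.quota_left)
        refused = []
        for path in sorted(self.pending):
            size = len(self.pending[path])
            if size <= budget:
                budget -= size
                self.quota_left -= size
                self.flash_bytes += size
            else:
                refused.append(path)  # the write is denied instead of wearing flash
        self.pending = {p: self.pending[p] for p in refused}
        self.last_flush = now
        return refused


def simulate_flood():
    """Constructed workload: 100 rewrites/second of one 4 KiB file for 60 s."""
    gov, block = WriteGovernor(), b"x" * 4096
    for second in range(60):
        for _ in range(100):
            gov.write("/constructed/journal.db", block, second)
    gov.flush(60)
    return 60 * 100 * len(block), gov.flash_bytes


def simulate_quota_exhaustion():
    """Constructed workload: 20 distinct 4 KiB files, then three flush windows."""
    gov = WriteGovernor()
    for i in range(20):
        gov.write(f"/constructed/file{i:02d}", b"x" * 4096, 1)
    return [len(gov.flush(t)) for t in (30, 60, 90)]
```

In the constructed flood, 24,576,000 bytes of requested writes become 8,192 bytes on flash. In the quota run the last 8 files are never written, which is the denial of service the message accepts in exchange for the hardware surviving.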

