Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Disk (over)quota in Windows 2000
From: subs () DYNSOL COM (Joe Melhado)
Date: Wed, 1 Mar 2000 23:18:15 -0500

At 01:49 AM 3/1/00, Ian Turner wrote:
Which is why effective quota security should enable inode limits as well
as byte limits. If I can take up all the useable clusters with 0-byte
files, that is just as bad as being able to take up the useable space
1-k files.

NT4 had no quotas so the complaints were few, although there was a call
for them.

Now MS put them in and we are assuming that their purpose is to prevent
DoS attacks.

I've worked with systems with disk quotas for more decades than I'd
like to admit and we never looked at them as a way to prevent malicious
people from filling up the disk. Their main purpose was historically to
prevent careless or greedy users from tying up space by forcing them to
maintain their on line storage.

Quotas worked well for this purpose. If this is the philosophy behind
the MS implementation, it will do its intended job just fine.

The fact that it could have solved another problem as well may make the
implementation fall short of our desires, but that doesn't make it
buggy (IMHO), just not what we, with 20-20 hindsight,  would like to
see them have done.

Maybe they'll improve it if we ask nicely. There are lots of other
things that MS does that I'd like fixed that are higher on my priority


There is always an easy solution to every human problem
-- neat, plausible, and wrong.     -H. L. Mencken

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]