On 20/08/10 17:30, Felipe Lessa wrote:
> On Fri, Aug 20, 2010 at 1:12 PM, John Millikin <jmilli...@gmail.com> wrote:
>> This thought occurred to me, but really, how often are you going to
>> have a 10 GiB **text** file with no newlines? Remember, this is for
>> text (log files, INI-style configs, plain .txt), not binary (HTML,
>> XML, JSON). Off the top of my head, I can't think of any case where
>> you'd expect to see 10 GiB in a single line.
>>
>> In the worst case, you can just use "decode" to process bytes coming
>> from the ByteString-based enumHandle, which should give nicely chunked
>> text.
>
> I was thinking about an attacker, not a use case. Think of a web
> server accepting queries using iteratees internally. This may open
> the door to at least DoS attacks.

You don't need to send that much data, the current implementation of
Enumerator uses hGet, which blocks, so just send the server a few bytes and
it'll be sitting there waiting for input until it times out (if ever). Open a
few hundred of those connections and you're likely to cause the server to run
out of FDs. Of course this is already coded up in tools like slowloris[1] :-)

/M

[1] http://ha.ckers.org/slowloris/

-- 
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus@therning.org Jabber: magnus@therning.org
http://therning.org/magnus identi.ca|twitter: magthe
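
Both concerns raised in this thread (a reader left blocked by a peer that sends only a few bytes, and a line with no newline that grows without bound) can be bounded on the reading side with a deadline and a byte cap. The following is an added example, not part of the original messages or of the enumerator library; `readLineBounded`, its limits and the pipe-based sample inputs are constructed for illustration, and it assumes GHC on a POSIX system.

```haskell
import qualified Data.ByteString.Char8 as B
import Control.Monad (forM_)
import Data.Maybe (fromMaybe)
import System.IO (Handle, hClose, hFlush)
import System.Process (createPipe)
import System.Timeout (timeout)

data ReadErr = TimedOut | LineTooLong | PeerClosed deriving (Show, Eq)

-- Read one '\n'-terminated line from a handle.
-- deadlineMicros bounds the time spent on the whole line, so a peer that
-- stalls (or trickles bytes) cannot hold the reader indefinitely.
-- maxBytes bounds memory when no newline ever arrives.
-- Bytes after the newline in the final chunk are dropped in this demo.
readLineBounded :: Int -> Int -> Handle -> IO (Either ReadErr B.ByteString)
readLineBounded deadlineMicros maxBytes h =
    fromMaybe (Left TimedOut) <$> timeout deadlineMicros (go B.empty)
  where
    go acc = do
      chunk <- B.hGetSome h 4096          -- returns as soon as any data is available
      let (line, rest) = B.break (== '\n') chunk
          acc'         = acc `B.append` line
      if B.length acc' > maxBytes then return (Left LineTooLong)
      else if B.null chunk        then return (Left PeerClosed)
      else if B.null rest         then go acc'   -- no newline yet, keep reading
      else return (Right acc')

main :: IO ()
main =
  -- Constructed inputs: a complete line, a stalled partial line, an oversized line.
  forM_ [ ("complete",  "GET / HTTP/1.1\n")
        , ("stalled",   "GET /")
        , ("oversized", replicate 5000 'A') ] $ \(name, payload) -> do
    (r, w) <- createPipe                  -- stands in for a client connection
    B.hPut w (B.pack payload) >> hFlush w
    res <- readLineBounded 500000 1024 r  -- 0.5 s deadline, 1 KiB cap
    putStrLn (name ++ ": " ++ show res)
    hClose w >> hClose r                  -- release both descriptors either way
```

In a server, the caller closes the connection on any `Left` result so that the file descriptor is returned promptly instead of waiting on the peer.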