[Haskell] Re: [Haskell-cafe] ANNOUNCE: enumerator, an alternative iteratee package

[Magnus Therning]

On 20/08/10 17:30, Felipe Lessa wrote:
> On Fri, Aug 20, 2010 at 1:12 PM, John Millikin <jmillikin at gmail.com> wrote:
>> This thought occurred to me, but really, how often are you going to
>> have a 10 GiB **text** file with no newlines? Remember, this is for
>> text (log files, INI-style configs, plain .txt), not binary (HTML,
>> XML, JSON). Off the top of my head, I can't think of any case where
>> you'd expect to see 10 GiB in a single line.
>>
>> In the worst case, you can just use "decode" to process bytes coming
>> from the ByteString-based enumHandle, which should give nicely chunked
>> text.
>
> I was thinking about an attacker, not a use case.  Think of a web
> server accepting queries using iteratees internally.  This may open
> door to at least DoS attacks.

You don't need to send that much data, the current implementation of
Enumerator uses hGet, which blocks, so just send the server a few bytes and
it'll be sitting there waiting for input until it times out (if ever).
Open a
few hundred of those connections and you're likely to cause the server
to run
out of FDs.  Of course this is already coded up in tools like
slowloris[1] :-)

/M

[1] http://ha.ckers.org/slowloris/
-- 
Magnus Therning                        (OpenPGP: 0xAB4DFBA4)
magnus＠therning．org           Jabber: magnus＠therning．org
http://therning.org/magnus         identi.ca|twitter: magthe

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : http://www.haskell.org/pipermail/haskell-cafe/attachments/20100820/5badf207/signature.bin