This is the mail archive of the
libc-hacker@sourceware.cygnus.com
mailing list for the glibc project.
Re: [Bill Paul <wpaul@CTR.COLUMBIA.EDU>] Re: easy DoS in most RPC apps
- To: kukuk@weber.uni-paderborn.de
- Subject: Re: [Bill Paul <wpaul@CTR.COLUMBIA.EDU>] Re: easy DoS in most RPC apps
- From: tb@mit.edu (Thomas Bushnell, n/BSG)
- Date: Mon, 18 May 1998 19:06:25 -0400
- CC: aj@arthur.rhein-neckar.de, libc-hacker@cygnus.com
From: Thorsten Kukuk <kukuk@weber.uni-paderborn.de>
Date: Tue, 19 May 1998 00:50:16 +0200 (MEST)
Thomas Bushnell, n/BSG writes:
>
> Am I correct in understanding that the SunRPC bug can only affect TCP
> services?
Yes, it only affect TCP services. But the fix doesn't really fix it.
As I said in my earlier mails, the problem will be only fixed, if the
daemon spawns a new thread for each connection. And I'm not the only
one with this opinion:
Well, that's not really so. If you are not using the SunRPC stubs
then it's easy to handle.
Just have a structure keeping track of pending packets, read them only
after select. Then the stuck packets on one connection can't prevent
the server from reading packets happily from the next connection.