Re: pg_hba.conf && ident ...

From: The Hermit Hacker <scrappy(at)hub(dot)org>
To: Jan Wieck <JanWieck(at)Yahoo(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org, darcy(at)vex(dot)net
Subject: Re: pg_hba.conf && ident ...
Date: 2000-05-10 15:58:56
Message-ID: Pine.BSF.4.21.0005101258440.777-100000@thelab.hub.org
Lists: pgsql-hackers

On Wed, 10 May 2000, Jan Wieck wrote:

> Tom Lane wrote:
> > Bingo. All your cores show the thing waiting inside the ident code:
> >
> > [...]
> >
> > Looking at the code, there doesn't seem to be any defense against a
> > broken ident server --- there is no timeout or anything being used here!
> > Ugh. Has it always been like this?
> >
> > Anyway, I think the immediate fix for you is to stop using ident auth
> > for that host, at least till we can improve this code...
>
> Looks like the entire communication with a new client is
> handled in a nonblocking manner via select(2) in
> ServerLoop(). I think the ident lookup belongs there too,
> and this improvement isn't something for a quick hack. It
> takes a little longer to be well tested.
>
> Let's try it for 7.0.1 or 7.0.2. Clearly is a bugfix IMHO.
>
> Also we might think about using some kind of timeout after
> which a new connection should either get rejected or succeed
> in backend start. Just to prevent a bogus client from
> creating a forever dangling connection.

Cool, our first DOS :)
