Subject: Re: SO_PEERNAME
To: William E. Baxter <web@superscript.com>
From: Martin Husemann <martin@duskware.de>
List: tech-kern
Date: 08/25/2001 23:13:29
> Unfortunately, SCM_CREDS mechanisms pass credentials to the server only when the
> client sends data.  Thus the server cannot obtain credentials unless the client
> offers them.  By spawning connections and never sending data, a local user can
> consume connections and deny service anonymously.

For a very stupid protocol or a dumb implementation of the server: yes.

I'd suppose any server to set a timeout on accept(), and break the connection
if no data (or initial handshake) has happened before the timeout expires.


Martin