Subject: Re: SO_PEERNAME
To: None <tech-kern@netbsd.org>
From: William E. Baxter <web@superscript.com>
List: tech-kern
Date: 08/25/2001 17:48:45

On Sat, Aug 25, 2001 at 11:13:29PM +0200, Martin Husemann wrote:
> > Unfortunately, SCM_CREDS mechanisms pass credentials to the server only when the
> > client sends data.  Thus the server cannot obtain credentials unless the client
> > offers them.  By spawning connections and never sending data, a local user can
> > consume connections and deny service anonymously.
> 
> For a very stupid protocol or a dumb implementation of the server: yes.
> 
> I'd suppose any server to set a timeout on accept(), and break the connection
> if no data (or initial handshake) has happened before the timeout expires.
> 

So a local user can occupy each connection only as long as your timeout.  That
doesn't fundamentally change the situation.  Moreover, many servers require
credentials alone, and no data.  In other words, the credentials are the only
data that need be transferred.

How can I satisfy these conditions under the existing kernel:

1. Server can obtain credentials of connect() caller.
2. Server can obtain credentials without depending on client to send data.

Regards,
W.
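
The two conditions listed in the message above, shown as an added example that is not part of the original message and is not NetBSD code from this thread: it uses the Linux `SO_PEERCRED` socket option, which returns the credentials the kernel recorded when the peer called connect(), so the server can identify and drop an unwanted local client that never sends a byte. The socket path, function names and the allowlist are constructed for the illustration.

```python
import os
import socket
import struct
import tempfile

UCRED = "iII"  # Linux struct ucred: pid_t pid, uid_t uid, gid_t gid


def peer_credentials(conn):
    """Return (pid, uid, gid) the kernel recorded when the peer called connect()."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(UCRED))
    return struct.unpack(UCRED, raw)


def accept_authorized(server, allowed_uids):
    """Accept one connection; close it at once unless the caller's uid is allowed.

    No recv() is needed, so a silent client cannot stay anonymous.
    Returns (conn_or_None, (pid, uid, gid)).
    """
    conn, _ = server.accept()
    creds = peer_credentials(conn)
    if creds[1] not in allowed_uids:
        conn.close()
        return None, creds
    return conn, creds


def demo(allowed_uids):
    """Connect a client that sends nothing and run the server-side check."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.sock")  # constructed socket path
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as server, \
                socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
            server.bind(path)
            server.listen(1)
            client.connect(path)  # the client never writes any data
            conn, creds = accept_authorized(server, allowed_uids)
            accepted = conn is not None
            if conn is not None:
                conn.close()
            return accepted, creds


if __name__ == "__main__":
    print(demo({os.geteuid()}))
```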