commit e4569a0961ff9f059b9ae71327d291cf95399597 Author: Bodo Stroesser firstname.lastname@example.org Date: Wed Nov 12 09:43:29 2014 -0500
rpc.mountd: set libtirpc nonblocking mode to avoid DOS In works fine in that it removes the vulnerability against a DOS attack. rpc.mountd can be blocked by a bad client, that sends many RPC requests but never reads the responses. This might happen intentionally or caused by a wrong network config (MTU). The patch switches on the nonblocking mode of libtirpc. In that mode writes can block for a max of 2 seconds. Attackers are forced to send requests slower, as libtirpc will close a connection if it finds two requests to read at the same time.
Please login to add feedback.