Hi,

> > The logic to apply the limit to connections in "connecting" state (this
> > is the state you are in *before* successful authentication) is
> > slightly different: A new connect kicks out the oldest client which is
> > still in "connecting" state. This avoids an easy DoS by unauthenticated
> > users by simply opening connections until the limit is reached.
>
> I'd suggest that rather than kicking off the oldest client QEMU
> should simply stop calling accept() when it reaches the limit
> of active unauthenticated client connections.

Looks like I need to be a bit more verbose. The DoS I try to prevent is that anybody can open $limit connections to the vnc server, let them sit around idle, thereby blocking further connects. Whether you stop calling accept or drop the new connection doesn't make much of a difference. I try to prevent that by dropping the *oldest* connection, so you have a chance to connect even if an unprivileged attacker tries to use up all connection slots.

cheers,
  Gerd
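
The two policies discussed in this message, compared side by side as an added example (not code from the post or from QEMU). The limit value, the `pool` structure and all function names are assumptions made for illustration; the client ids are constructed.

```c
#include <stdio.h>
#include <string.h>

#define CONNECTING_LIMIT 4   /* assumed value; the post only says "$limit" */

enum policy { REFUSE_NEW, EVICT_OLDEST };

struct pool {
    int ids[CONNECTING_LIMIT];  /* unauthenticated clients, oldest first */
    int count;
};

/* Try to admit a new unauthenticated client.
 * Returns 1 if the client got a slot, 0 if it was turned away.
 * *evicted is set to the id that was kicked out, or -1 if none. */
static int admit(struct pool *p, enum policy pol, int id, int *evicted)
{
    *evicted = -1;
    if (p->count == CONNECTING_LIMIT) {
        if (pol == REFUSE_NEW)
            return 0;                   /* all slots held: newcomer is blocked */
        *evicted = p->ids[0];           /* drop the oldest "connecting" client */
        memmove(&p->ids[0], &p->ids[1], (CONNECTING_LIMIT - 1) * sizeof(int));
        p->count--;
    }
    p->ids[p->count++] = id;
    return 1;
}

/* Constructed scenario: ids 1..CONNECTING_LIMIT are idle connections that
 * never authenticate; id 100 is a legitimate user arriving afterwards. */
static int legit_gets_slot(enum policy pol, int *evicted)
{
    struct pool p = { {0}, 0 };
    int tmp;
    for (int i = 1; i <= CONNECTING_LIMIT; i++)
        admit(&p, pol, i, &tmp);
    return admit(&p, pol, 100, evicted);
}

int main(void)
{
    int ev;
    printf("refuse new:   legit admitted=%d\n", legit_gets_slot(REFUSE_NEW, &ev));
    printf("evict oldest: legit admitted=%d", legit_gets_slot(EVICT_OLDEST, &ev));
    printf(" (evicted id %d)\n", ev);
    return 0;
}
```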