On Thu, Jan 16, 2003 at 12:50:57PM +1100, Martin Pool wrote:
> On 16 Jan 2003, Andrew Bartlett <[EMAIL PROTECTED]> wrote:
>
> > Win2k has a bug (feature?) where there is a connection reset if there is
> > a second connection from the SAME IP, before the first
> > session-setup.
>
> So an unprivileged process on the client can cause a local denial of
> service just by repeatedly half-opening connections?

Yes. Early versions of jCIFS did this, in fact. I was testing it at the
CIFS conference one year and every time jCIFS reconnected the client would
lose all of the smbclient connections that it had. Tridge kindly explained
it to me. :)

This behavior is actually written up in the SNIA doc and, I think, the
Leach/Naik draft. Normally it doesn't impact Microsoft clients, but there
is a hotfix for it, since it causes all sorts of trouble for clients on
the far side of a NAT.

> > Both races need to be protected by separate mutexes. The first should
> > be protected in as generic a manner as possible, due to the fact that it
> > is *any* connection from the IP.
>
> Can the connection function be called by a nonprivileged process (say
> rpcclient or smbclient) on the unix machine? If so we either need to
> put the mutex somewhere world-writeable (gross) or just be willing to
> take our chances without it.

There are several SMB clients out there nowadays. There's jCIFS, the
FreeBSD SMB filesystem, and a few others. I don't think that there really
is a "fix" for this problem. Not on the client side, anyway.

Chris -)-----

-- 
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   [EMAIL PROTECTED]
OnLineBook -- http://ubiqx.org/cifs/    -)-----   [EMAIL PROTECTED]
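The race the thread is arguing about, as an added illustration that is not code from the thread, from Samba or from jCIFS: a small Python model in which a server resets every not-yet-set-up connection from a client IP whenever a new connection arrives from that IP, and a client-side flock() mutex that serialises the connect-to-session-setup window per target server, which is the "separate mutex" Andrew Bartlett calls for. The server model, the lock directory, the delay standing in for the negotiate round trips and the IP addresses are all constructed assumptions, not real SMB.

```python
import fcntl
import os
import tempfile
import threading
import time

# Assumed lock location: a private per-user directory (here a fresh temp
# dir) rather than the world-writeable place Martin Pool calls "gross".
# Only processes able to open files here take part in the serialisation.
LOCK_DIR = tempfile.mkdtemp(prefix="smb-connect-lock-")
SERVER_IP = "192.0.2.10"   # constructed target address (documentation range)
CLIENT_IP = "10.0.0.5"     # constructed source address the server sees


class ConnectLock:
    """Exclusive flock() held from TCP connect until session setup is done,
    keyed by the server we are connecting to.  flock() locks belong to the
    open file description, so each holder opens the file itself; that makes
    the lock work across threads and across processes alike."""

    def __init__(self, server_ip):
        self.path = os.path.join(LOCK_DIR, f"connect-{server_ip}.lock")
        self.fd = None

    def __enter__(self):
        self.fd = os.open(self.path, os.O_RDWR | os.O_CREAT, 0o600)
        fcntl.flock(self.fd, fcntl.LOCK_EX)
        return self

    def __exit__(self, *exc):
        fcntl.flock(self.fd, fcntl.LOCK_UN)
        os.close(self.fd)
        return False


class ResettingServer:
    """Constructed model of the behaviour the thread describes: a new
    connection from a client IP resets every connection from that IP that
    has not yet completed session setup."""

    def __init__(self):
        self._lock = threading.Lock()
        self._half_open = {}   # client_ip -> set of half-open connection ids
        self.resets = 0

    def connect(self, client_ip, conn_id):
        with self._lock:
            pending = self._half_open.setdefault(client_ip, set())
            self.resets += len(pending)   # earlier half-open sockets are reset
            pending.clear()
            pending.add(conn_id)

    def session_setup(self, client_ip, conn_id):
        with self._lock:
            pending = self._half_open.get(client_ip, set())
            if conn_id not in pending:
                return False             # our socket was reset meanwhile
            pending.discard(conn_id)     # now a fully set-up session
            return True


def open_session(server, conn_id, serialise, window=0.02):
    """One client: connect, then session setup after a delay that stands in
    for the negotiate round trips between the two.  Returns True on success."""
    def attempt():
        server.connect(CLIENT_IP, conn_id)
        time.sleep(window)
        return server.session_setup(CLIENT_IP, conn_id)
    if serialise:
        with ConnectLock(SERVER_IP):
            return attempt()
    return attempt()


def simulate(n_clients, serialise):
    """Run n_clients concurrent clients from one IP; return (successes, resets)."""
    server = ResettingServer()
    outcomes = [False] * n_clients

    def worker(i):
        outcomes[i] = open_session(server, i, serialise)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n_clients)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(outcomes), server.resets


if __name__ == "__main__":
    print("unserialised (successes, resets):", simulate(8, False))
    print("serialised   (successes, resets):", simulate(8, True))
```

With the lock every client gets its session; without it most of the concurrent attempts are reset before they reach session setup. The lock only coordinates processes that choose to take it, so a client that does not (the unprivileged process Martin asks about, or a separate implementation such as jCIFS) still triggers the resets, which is why Chris concludes there is no real client-side fix.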
