[Pkg-cups-devel] Bug#689991: CUPS: More on AllowUser and error_log flooding
Sergio Gelato
Sergio.Gelato at astro.su.se
Tue Oct 9 07:28:18 UTC 2012
After some further testing I can report that:
1) 1.4.4 servers (I tested with 1.4.4-7+squeeze1) are also affected.
2) 1.4.4 clients do not trigger the bug. After the first rejection the
job remains in the client's print queue but the client doesn't insist.
I'm not sure how servers should defend against this kind of DoS attack;
by tarpitting the client perhaps?
I'm pretty sure that well-behaved clients should not keep trying indefinitely.
More information about the Pkg-cups-devel
mailing list