[Pkg-cups-devel] Bug#689991: CUPS: More on AllowUser and error_log flooding

[Sergio Gelato]

After some further testing I can report that:

1) 1.4.4 servers (I tested with 1.4.4-7+squeeze1) are also affected.

2) 1.4.4 clients do not trigger the bug. After the first rejection the
job remains in the client's print queue but the client doesn't insist.

I'm not sure how servers should defend against this kind of DoS attack;
by tarpitting the client perhaps?

I'm pretty sure that well-behaved clients should not keep trying indefinitely.