On Wed, 10 May 2000, Jan Wieck wrote:
> Tom Lane wrote:
> > Bingo. All your cores show the thing waiting inside the ident code:
> >
> > [...]
> >
> > Looking at the code, there doesn't seem to be any defense against a
> > broken ident server --- there is no timeout or anything being used here!
> > Ugh. Has it always been like this?
> >
> > Anyway, I think the immediate fix for you is to stop using ident auth
> > for that host, at least till we can improve this code...
>
> Looks like the entire communication with a new client is
> handled in a nonblocking manner via select(2) in
> ServerLoop(). I think the ident lookup belongs to there too,
> and this improvement isn't something for a quick hack. It
> takes a little longer to be well tested.
>
> Let's try it for 7.0.1 or 7.0.2. Clearly is a bugfix IMHO.
>
> Also we might think about using some kind of timeout after
> which a new connection should either get rejected or succeeds
> in backend start. Just to prevent a bogus client from
> creating a forever dangling connection.
Cool, our first DOS :)
