Re: [PATCH v4 3/7] nbd/server: CVE-2024-7409: Change default max-connections to 100

2024-08-07 Thread Eric Blake
On Wed, Aug 07, 2024 at 07:24:56PM GMT, Daniel P. Berrangé wrote:
> On Wed, Aug 07, 2024 at 12:43:29PM -0500, Eric Blake wrote:
> > Allowing an unlimited number of clients to any web service is a recipe
> > for a rudimentary denial of service attack: the client merely needs to
> > open lots of sock

Re: [PATCH v4 3/7] nbd/server: CVE-2024-7409: Change default max-connections to 100

2024-08-07 Thread Daniel P. Berrangé
On Wed, Aug 07, 2024 at 12:43:29PM -0500, Eric Blake wrote:
> Allowing an unlimited number of clients to any web service is a recipe
> for a rudimentary denial of service attack: the client merely needs to
> open lots of sockets without closing them, until qemu no longer has
> any more fds availabl

[PATCH v4 3/7] nbd/server: CVE-2024-7409: Change default max-connections to 100

2024-08-07 Thread Eric Blake
Allowing an unlimited number of clients to any web service is a recipe for a rudimentary denial of service attack: the client merely needs to open lots of sockets without closing them, until qemu no longer has any more fds available to allocate. For qemu-nbd, we default to allowing only 1 connecti