Re: gdm 2.4.0.7



On Mon, Feb 03, 2003 at 12:49:38PM -0500, Martin K. Petersen wrote:
> This has nothing to do with user sessions.
> 
> Due to the way the XDMCP protocol is designed, it is trivial to do a
> Denial of Service attack against an XDM daemon (You can write a small
> trivial program to cause the xdm daemon to use up all available memory
> on a system).
> 
> So when I implemented XDMCP in GDM, I added a few hacks to prevent
> against attacks like that.
> 
> Depending on your gdm.conf (look at the [xdmcp] section), the daemon
> will only allow one connection per remote IP.  And it requires that IP
> to finish the handshaking within a certain period of time.
> 
> It seems that for some reason the remote display don't get removed
> from the active list when the users log out.
> 
> I don't know if George has changed any of this code recently.  But as
> a quick workaround you could try bumping DisplaysPerHost to 2.

This is the way it still works ...

The problem probably is that the remote X server kills the connection without
logging out.  If a remote server is just killed gdm has no way of noticing
that.  It will eventually ping and timeout, but that depends on your ping
timeout.  Solutions would be to:

Decrease ping timeout (I think I may just decrease the default anyway)
Increase DisplaysPerHost to 2 (I think I may just make that the default as
well)

So the defaults will likely be changed, as well as the pinging behaviour
in newer versions at some point.  In the meantime try the above.

George

-- 
George <jirka 5z com>
   You can get much farther with a kind word and a gun
   than you can with a kind word alone.
                       -- Al Capone



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]