Commit Graph

34 Commits

Author SHA1 Message Date
Dima Ruban
3e2e58f12e Add possibility to specify maximum number of connections per minute
for a given IP address.
This should be very effective against DoS attacks.
1997-10-29 21:49:04 +00:00
Andrey A. Chernov
b34683ca29 Implement group part now, final syntax is:
user[:group][/login-class]
1997-10-28 13:46:52 +00:00
Andrey A. Chernov
186a5319ff Implement login classes sepcification as user[/loginclass]
By default inetd run things with the same limits as from /etc/rc
(daemon class) to not break anything as in good old days.
1997-10-27 22:03:47 +00:00
Philippe Charnier
c1a2e93e94 Use err(3). 1997-09-19 06:27:30 +00:00
Warner Losh
83eea89664 Remove and odd sleep found by David Holland and posted to -security.
Reviewed by:	Theo de Raadt (who put it into OpenBSD)
Submitted by:	David Holland <dholland@eecs.harvard.edu>
1997-08-29 18:00:11 +00:00
David Nugent
5d0bfe39ec login_getclass() -> login_getpwclass(). 1997-05-10 19:02:03 +00:00
Garrett Wollman
aeb83a466a Condition SO_PRIVSTATE twiddling on the definedness of SO_PRIVSTATE.
(This was done as a #ifdef to keep source compatibility between 2.2 and 3.0.)
1997-04-28 13:55:07 +00:00
Warner Losh
6c3f552a31 compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
1997-03-31 05:11:47 +00:00
Peter Wemm
476602a9d0 Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
Julian Elischer
fb42516541 The "-a" option for inetd specifies a specific IP address for the
server to bind to. This works until you send it a SIGHUP with a
new service defined ... the new service is bound to INADDR_ANY.

This patch fixes this bug (in both RELENG_2_2 and -current).

This is a 2.2 candidate..(i.e. pure bug fix)

Submitted by:	Archie Cobbs (archie@whistle.com)
1997-02-05 19:50:04 +00:00
Wolfram Schneider
bfd34a4a60 Sort cross references. 1997-01-20 00:03:00 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Peter Wemm
fbc2342cca Implement minimal login class support (ie: does a setusercontext()).
Enabled by defining LOGIN_CAP in Makefile, on by default.
1997-01-13 02:52:30 +00:00
Julian Elischer
0661be0b5d Reviewed by: Bill fenner
Submitted by:	Archie Cobbs (Archie@whistle.com)

Changes to allow inted to control the number of servers to
start on each service. This is a defence against a denial of service attack
in which the system is made unusable by
an external party. It also allows the behaviour of
small memory systems to be more accuratly predicted, by
bounding the extent to which processes can multiply.
1996-11-10 21:12:44 +00:00
Julian Elischer
6467602bb5 Reviewed by: Bill fenner
Submitted by:	 Archie Cobbs (archie@whistle.com)

changes to make inetd compile cleaner under -Wall
1996-11-10 21:07:27 +00:00
Alexander Langer
9e375707a5 Fix incorrect length argument to memset() function. Closes PR#1937.
Submitted by:	Archie Cobbs <archie@whistle.com>
1996-11-01 01:42:08 +00:00
Joerg Wunsch
d4788da623 Do not modify a malloc()ed pointer; instead, use memmove().
Detected by: phkmalloc - AJ :)
1996-10-28 23:02:38 +00:00
Julian Elischer
7356460fe3 Reviewed by: various
Submitted by:	archie@whistle.com

changes to allow inetd to bind to a single interface
for more complicated options see xinetd in ports.

Obtained from: whistle.com
1996-08-09 22:20:24 +00:00
David Greenman
e289453542 Increased listen() queue-depth limit to 64. 1996-07-17 15:00:28 +00:00
Gary Palmer
ac52e6af45 Add $Id$ 1996-05-07 03:16:43 +00:00
Garrett Wollman
e50d775901 Call setsockopt(SO_PRIVSTATE) to renounce SS_PRIV on all the sockets
we create.  (Nothing being called from inetd should use it anyway,
but you can never be too careful.)

Translate the man page back into -mdoc.
1996-02-07 17:15:01 +00:00
Mike Pritchard
4a8d02835c Fix a bunch of spelling errors in a bunch of man pages. 1996-01-30 13:52:50 +00:00
Peter Wemm
c128302002 Make inetd use setproctitle from libutil instead of it's own version.
The old code can probably still be compiled with #define OLD_SETPROCTITLE
1996-01-01 08:42:23 +00:00
Peter Wemm
84c60f0d3f Workaround for the setlogin()-in-same-session-as-inetd bug.
This causes:
1: inetd to clear it's getlogin() name at startup (in case the sysadmin
	logged in and su'ed to root and restarted inetd)
2: inetd to start each spawned process in it's own session.
3: inetd to call setlogin() on non-root processes (eg: uucp for uucico)
4: log failures more extensively

This means that root spawned processes from inetd remain responsible for
setting their login name if they change their uid. (eg: rshd, login, etc).

If they do not do so, it is safer for them to have no "login name" than a
wrong one (like "root") because the getlogin() system call is documented
as "secure" on 4.4BSD.  inetd when started from /etc/rc would have no login
name anyway, so this isn't really a change - it's making it consistant with
the bootup state...

The setsid() change *may* cause something to break that is doing a setsid()
itself and checking the result - it will fail now because it's already been
done.  The consensis seems to be that this is unlikely. David G. thinks
this is acceptable as it is cleaner from an architectural point of view.
1995-11-03 09:30:13 +00:00
Adam David
32b505b222 Implement simple quoting for command args.
Previously "abc xyz" became 2 args split at the space.
1995-10-30 14:03:00 +00:00
Garrett Wollman
9fe96cbb6d Record PID in /var/run/inetd.pid and document same. 1995-10-12 16:43:27 +00:00
David Greenman
ee812eb286 Correct the "default rate" - it's 256/minute not 1000/minute. 1995-10-09 23:34:07 +00:00
Rodney W. Grimes
d3628763db Merge RELENG_2_0_5 into HEAD 1995-06-11 19:33:05 +00:00
Rodney W. Grimes
709e8f9ae1 Remove trailing whitespace. 1995-05-30 03:57:47 +00:00
Garrett Wollman
71704f34b1 Disable UDP service looping attack. 1994-12-21 19:08:45 +00:00
Geoff Rehmet
bee39b42f3 - increase TOOMANY, in line with 1.x
- add logging option from 1.x
1994-09-11 11:16:32 +00:00
Geoff Rehmet
55b91f3ab6 Bring in handling of RPC services from 1.x
(Guess who forgot to replace his inetd until today ;-)
1994-09-11 10:48:02 +00:00
Garrett Wollman
84e59eb50d Get rid of update. Make man page installation work with our scheme
(and rename a few in the process).
1994-08-05 16:31:05 +00:00
Rodney W. Grimes
dea673e932 BSD 4.4 Lite usr.sbin Sources 1994-05-26 05:23:31 +00:00