* Bring memory allocation failure handling in line with that of
the rest of the code.
* Nestle block curlies between case statements correctly.
I've left the in-block declarations alone, since style(9) says we should
conform to the existing style within the code, and inetd already does
this. I've left the asprintf()'s in there because that's how Brian wants
it.
example of their usage in the sample config. Merge the two examples
for the green internal auth service.
This commit failed the first time around because Brian beat me to the
punch on inetd.8 . I like my descriptions better and I'm pretty sure
Brian won't mind.
used! I don't declare every variable at the top of a function because
that wastes stack space. I've clarified the error a bit (for if asprintf()
filas.)
1. Cleanups of ident_stream. "Evil" stdio is less used.
2. The BSD Copyright was added to the top of builtins.c.
3. As suggested, a timeout is now implemented in the ident
service. It defaults to 10 seconds. If enough people want
it, I'll make it configurable.
Suggested by: msmith
Restore default SIGHUP, SIGCHLD and SIGALRM handlers in forked inetd
processes. This happens to work around the fact that hosts_access()
doesn't (but should) set SIG_IGN as the handler for SIGCHLD while it
handles the spawn option, but it would make sense even if that were
not true.
This does not address the leaking descriptors issue discussed on the
same PR.
PR: 12731
Reviewed by: des
Submitted by: David Malone <dwmalone@maths.tcd.ie>
service. Inetd already uses the process title to indicate that a request
for an internal service is being serviced, so this addition is fairly
orthogonal.
Submitted by: David Malone <dwmalone@maths.tcd.ie>
internal services in inetd.conf .
The inetd(8) manpage used to say that the official name of a service
_must_ be used, yet inetd itself was hardcoded to used a service alias for
the auth service, namely ident!
Rather than change inetd.conf and break existing configurations on next
upgrade, we now allow service aliases as well as official names. This
allows the software to work as expected and still support existing
configurations.
This should not breaking existing wrapped configurations either and the
inetd(8) manpage already states that it is the service name specified in
inetd.conf that is used for calls to hosts_access(3).
PR: 11796
Reported by: Alex Charalabidis <alex@wnm.net>
Approved by: des
twice to enable wrapping for internal wrapping as well. If the option is
not specified wrapping is turned off so that inetd will behave exactly
as it used to before TCP Wrappers was imported.
Change etc/defaults/rc.conf so as to encourage wrapping on new systems.
Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the
manual page.
Approved by: jkh
1) Handle forking and non-forking internal services correctly.
Turn on wrapping for internal services because it works now.
2) Preserve server names for each service on HUP.
3) Honour hosts_options(5) severity option.
4) Add IMPLEMENTATION NOTES section to clarify TCP Wrappers
usage and limitations.
This change may cause previously allowed builtin services (e.g. daytime)
to be denied in existing configurations.
PR: 12097
Reviewed by: markm
1)
Reported by: Pierre Beyssac <pb@fasterix.freenix.org>
2)
Submitted by: Masachika ISHIZUKA <ishizuka@ish.org>
3)
Submitted by: David Malone <dwmalone@maths.tcd.ie>
For a tcp/nowait connection, inetd invokes accept(2) for
each pending connection; this call returns a file descriptor
associated with the new connection.
Twelve years ago, code was added to inetd to detect "failing
servers". The heuristic that identifies a failing server is
one that has been invoked a large number of times over some
specified interval (e.g., more than 128 ftp services started
in 60 seconds may flag the ftp service as "failing"). These
compile-time constants vary depending on vendor.
The problem is that, when a failing server is detected, the
code neglects to close the file descriptor returned by the
accept(2).
Security-Implications:
I suppose someone with ample free time could orchestrate an
attack buy pummeling services until the inetd process finally
runs out of file descriptors thus rendering inetd useless to
any new connections that require a new descriptor.
PR: 7286
Reviewed by: phk
Submitted by: Jeff Forys <jeff@forys.cranbury.nj.us>
to attempt to unblock SIGCHLD, but we actually want to unignore SIGPIPE.
Obtained from: OpenBSD
Finished conversion from sigvec to sigaction (don't assume that sa_mask
is a scalar...). Didn't convert from sigblock to sigprocmask. Didn't
fix missing error checking for sigaction...
forks. Furthermore, invalid input for tcpmux does not lead to
an exiting inetd.
This patch is recommended for people running tcpmux (which is NOT
enabled by default)
server to bind to. This works until you send it a SIGHUP with a
new service defined ... the new service is bound to INADDR_ANY.
This patch fixes this bug (in both RELENG_2_2 and -current).
This is a 2.2 candidate..(i.e. pure bug fix)
Submitted by: Archie Cobbs (archie@whistle.com)
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
Submitted by: Archie Cobbs (Archie@whistle.com)
Changes to allow inted to control the number of servers to
start on each service. This is a defence against a denial of service attack
in which the system is made unusable by
an external party. It also allows the behaviour of
small memory systems to be more accuratly predicted, by
bounding the extent to which processes can multiply.
Submitted by: archie@whistle.com
changes to allow inetd to bind to a single interface
for more complicated options see xinetd in ports.
Obtained from: whistle.com
This causes:
1: inetd to clear it's getlogin() name at startup (in case the sysadmin
logged in and su'ed to root and restarted inetd)
2: inetd to start each spawned process in it's own session.
3: inetd to call setlogin() on non-root processes (eg: uucp for uucico)
4: log failures more extensively
This means that root spawned processes from inetd remain responsible for
setting their login name if they change their uid. (eg: rshd, login, etc).
If they do not do so, it is safer for them to have no "login name" than a
wrong one (like "root") because the getlogin() system call is documented
as "secure" on 4.4BSD. inetd when started from /etc/rc would have no login
name anyway, so this isn't really a change - it's making it consistant with
the bootup state...
The setsid() change *may* cause something to break that is doing a setsid()
itself and checking the result - it will fail now because it's already been
done. The consensis seems to be that this is unlikely. David G. thinks
this is acceptable as it is cleaner from an architectural point of view.