Commit Graph

51 Commits

Author SHA1 Message Date
dillon
fac338b16a Remove signal mask prior to calling exec 1998-12-15 23:12:33 +00:00
dillon
0257da5919 Reviewed by: freebsd-current
Fix signal/library corruption by blocking all signals except during
    select().  The reported corruption was with reentrancy in the malloc lib.
1998-12-11 17:06:16 +00:00
phk
44cddad39c Add an "internal" driver for the "ident" protocol (tcp/113).
It will return "ERROR:HIDDEN-USER" for all requests.

To use it add:
	ident   stream  tcp     nowait  root    internal
to inetd.conf
1998-11-04 19:39:46 +00:00
jb
7300b9a59c Bruce says that %p is intended to format void pointers only. So use a void *
cast. There are pointers and then there are _pointers_. One day I'll
figure out which are which. 8-)
1998-08-18 02:10:05 +00:00
jb
49f35df526 Remove a cast and print the pointer value with %p instead of %x. 1998-08-17 06:16:59 +00:00
ache
1bbb61bc9b Add (struct timezone *) cast to NULL for K&R 1998-07-24 08:28:33 +00:00
ache
5b6f7049f1 Use NULL as gettimeofday arg instead of 0 cast
Add missing arg to error diagnostic
Print yet one arg of error diagnostic
1998-07-23 20:05:02 +00:00
phk
dbb03b6d18 last patch misapplied. 1998-07-22 14:24:12 +00:00
phk
39bd98f296 This may apply to all known versions of inetd.
For a tcp/nowait connection, inetd invokes accept(2) for
each pending connection; this call returns a file descriptor
associated with the new connection.

Twelve years ago, code was added to inetd to detect "failing
servers".  The heuristic that identifies a failing server is
one that has been invoked a large number of times over some
specified interval (e.g., more than 128 ftp services started
in 60 seconds may flag the ftp service as "failing").  These
compile-time constants vary depending on vendor.

The problem is that, when a failing server is detected, the
code neglects to close the file descriptor returned by the
accept(2).

Security-Implications:
I suppose someone with ample free time could orchestrate an
attack buy pummeling services until the inetd process finally
runs out of file descriptors thus rendering inetd useless to
any new connections that require a new descriptor.

PR:		7286
Reviewed by:	phk
Submitted by:	Jeff Forys <jeff@forys.cranbury.nj.us>
1998-07-22 05:53:53 +00:00
phk
7a64d46ca3 Spelling fixes.
PR:		6903
Reviewed by:	phk
Submitted by:	Josh Gilliam <josh@quick.net>
1998-06-10 12:34:27 +00:00
pb
16f8d7d58c Small typo in T/TCP patch ("speicfy" -> "specify"). 1998-05-15 19:16:35 +00:00
guido
70c2b190c2 On request of Garrett, ad a way to specify that a service should be
reachable via T/TCP
Reviewed by:	Garrett Wollman
1998-05-14 20:26:16 +00:00
bde
bfcb7bdce1 Fixed gross errors in previous commit. `sapipe' was used uninitialized
to attempt to unblock SIGCHLD, but we actually want to unignore SIGPIPE.

Obtained from:	OpenBSD

Finished conversion from sigvec to sigaction (don't assume that sa_mask
is a scalar...).  Didn't convert from sigblock to sigprocmask.  Didn't
fix missing error checking for sigaction...
1998-05-11 12:11:59 +00:00
guido
656f78b87c Unblock SIGPIPE before execv(); convert from sigvec to sigaction
Obtained from: OpenBSD
1998-05-08 19:15:44 +00:00
guido
779723654b Redo tcpmux stuff. tcpmux handling is now performed after inetd
forks. Furthermore, invalid input for tcpmux does not lead to
an exiting inetd.
This patch is recommended for people running tcpmux (which is NOT
enabled by default)
1998-05-07 18:32:00 +00:00
wollman
e131b51194 Document the requirement for TCPMUX to also be enabled as an internal
service if any external TCPMUX servers are desired.

PR: 826
1998-04-13 15:05:14 +00:00
pst
b89888f153 Make maxchild and max child-per-minute default values configurable from
the command line or Makefile.
1998-02-24 21:55:14 +00:00
dima
c811dec8d3 Add possibility to specify maximum number of connections per minute
for a given IP address.
This should be very effective against DoS attacks.
1997-10-29 21:49:04 +00:00
ache
442881c24b Implement group part now, final syntax is:
user[:group][/login-class]
1997-10-28 13:46:52 +00:00
ache
6a842ce994 Implement login classes sepcification as user[/loginclass]
By default inetd run things with the same limits as from /etc/rc
(daemon class) to not break anything as in good old days.
1997-10-27 22:03:47 +00:00
charnier
e9cad8594e Use err(3). 1997-09-19 06:27:30 +00:00
imp
b52523a54a Remove and odd sleep found by David Holland and posted to -security.
Reviewed by:	Theo de Raadt (who put it into OpenBSD)
Submitted by:	David Holland <dholland@eecs.harvard.edu>
1997-08-29 18:00:11 +00:00
davidn
f766bd31c5 login_getclass() -> login_getpwclass(). 1997-05-10 19:02:03 +00:00
wollman
c63d12aeb3 Condition SO_PRIVSTATE twiddling on the definedness of SO_PRIVSTATE.
(This was done as a #ifdef to keep source compatibility between 2.2 and 3.0.)
1997-04-28 13:55:07 +00:00
imp
691010efad compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
1997-03-31 05:11:47 +00:00
peter
b782f4df30 Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
julian
f061fa28f5 The "-a" option for inetd specifies a specific IP address for the
server to bind to. This works until you send it a SIGHUP with a
new service defined ... the new service is bound to INADDR_ANY.

This patch fixes this bug (in both RELENG_2_2 and -current).

This is a 2.2 candidate..(i.e. pure bug fix)

Submitted by:	Archie Cobbs (archie@whistle.com)
1997-02-05 19:50:04 +00:00
wosch
3c5e4a3bbe Sort cross references. 1997-01-20 00:03:00 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
peter
7251a7b426 Implement minimal login class support (ie: does a setusercontext()).
Enabled by defining LOGIN_CAP in Makefile, on by default.
1997-01-13 02:52:30 +00:00
julian
f447087e68 Reviewed by: Bill fenner
Submitted by:	Archie Cobbs (Archie@whistle.com)

Changes to allow inted to control the number of servers to
start on each service. This is a defence against a denial of service attack
in which the system is made unusable by
an external party. It also allows the behaviour of
small memory systems to be more accuratly predicted, by
bounding the extent to which processes can multiply.
1996-11-10 21:12:44 +00:00
julian
5278ea869e Reviewed by: Bill fenner
Submitted by:	 Archie Cobbs (archie@whistle.com)

changes to make inetd compile cleaner under -Wall
1996-11-10 21:07:27 +00:00
alex
8d80515b00 Fix incorrect length argument to memset() function. Closes PR#1937.
Submitted by:	Archie Cobbs <archie@whistle.com>
1996-11-01 01:42:08 +00:00
joerg
e9e54bcde4 Do not modify a malloc()ed pointer; instead, use memmove().
Detected by: phkmalloc - AJ :)
1996-10-28 23:02:38 +00:00
julian
53ead71d81 Reviewed by: various
Submitted by:	archie@whistle.com

changes to allow inetd to bind to a single interface
for more complicated options see xinetd in ports.

Obtained from: whistle.com
1996-08-09 22:20:24 +00:00
dg
a811461f7d Increased listen() queue-depth limit to 64. 1996-07-17 15:00:28 +00:00
gpalmer
3829b6d0e8 Add $Id$ 1996-05-07 03:16:43 +00:00
wollman
41f00ad7a0 Call setsockopt(SO_PRIVSTATE) to renounce SS_PRIV on all the sockets
we create.  (Nothing being called from inetd should use it anyway,
but you can never be too careful.)

Translate the man page back into -mdoc.
1996-02-07 17:15:01 +00:00
mpp
511d4f82b2 Fix a bunch of spelling errors in a bunch of man pages. 1996-01-30 13:52:50 +00:00
peter
eb8e89ecaf Make inetd use setproctitle from libutil instead of it's own version.
The old code can probably still be compiled with #define OLD_SETPROCTITLE
1996-01-01 08:42:23 +00:00
peter
40d1117791 Workaround for the setlogin()-in-same-session-as-inetd bug.
This causes:
1: inetd to clear it's getlogin() name at startup (in case the sysadmin
	logged in and su'ed to root and restarted inetd)
2: inetd to start each spawned process in it's own session.
3: inetd to call setlogin() on non-root processes (eg: uucp for uucico)
4: log failures more extensively

This means that root spawned processes from inetd remain responsible for
setting their login name if they change their uid. (eg: rshd, login, etc).

If they do not do so, it is safer for them to have no "login name" than a
wrong one (like "root") because the getlogin() system call is documented
as "secure" on 4.4BSD.  inetd when started from /etc/rc would have no login
name anyway, so this isn't really a change - it's making it consistant with
the bootup state...

The setsid() change *may* cause something to break that is doing a setsid()
itself and checking the result - it will fail now because it's already been
done.  The consensis seems to be that this is unlikely. David G. thinks
this is acceptable as it is cleaner from an architectural point of view.
1995-11-03 09:30:13 +00:00
adam
04b5326448 Implement simple quoting for command args.
Previously "abc xyz" became 2 args split at the space.
1995-10-30 14:03:00 +00:00
wollman
4012c9269a Record PID in /var/run/inetd.pid and document same. 1995-10-12 16:43:27 +00:00
dg
78aea1ad2e Correct the "default rate" - it's 256/minute not 1000/minute. 1995-10-09 23:34:07 +00:00
rgrimes
1b1ee55538 Merge RELENG_2_0_5 into HEAD 1995-06-11 19:33:05 +00:00
rgrimes
4f960dd75f Remove trailing whitespace. 1995-05-30 03:57:47 +00:00
wollman
d067a90a1c Disable UDP service looping attack. 1994-12-21 19:08:45 +00:00
csgr
f146ba5a9b - increase TOOMANY, in line with 1.x
- add logging option from 1.x
1994-09-11 11:16:32 +00:00
csgr
88dbb490c7 Bring in handling of RPC services from 1.x
(Guess who forgot to replace his inetd until today ;-)
1994-09-11 10:48:02 +00:00
wollman
d7fca5c189 Get rid of update. Make man page installation work with our scheme
(and rename a few in the process).
1994-08-05 16:31:05 +00:00