From: Terry Lambert
Message-Id: <199807271908.MAA23572@usr02.primenet.com>
Subject: Re: inetd enhancements
To: n@nectar.com (Jacques Vidrine)
Date: Mon, 27 Jul 1998 19:08:09 +0000 (GMT)
Cc: hackers@FreeBSD.ORG
In-Reply-To: from "Jacques Vidrine" at Jul 27, 98 12:19:56 pm

> I'd like to add some functionality to inetd. The two features
> needed are:

I like the idea; I'd like more information on the implementation
(a 50,000 foot view)...

> * binding selected services to a particular interface

Do you do this by adding an "interface list" field?

> * chroot'ing before exec'ing the service

Do you run as other-than-root before you do this? Root can escape
a chroot jail because of the way the chroot root vnode is (in my
opinion) incorrectly set to NULL instead of the real root for the
non-chroot case (fixing this would incidentally simplify the namei
code).

The "ftpd" case is especially vulnerable...

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
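
The sequence the reply asks about (chroot, then run the service as other-than-root), as an added example that is not part of the original message and is not inetd code. The helper name `confine_and_drop`, the jail path, the uid/gid 65534 and the service path are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1 /* expose chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: confine the calling process to `jail` and give up
 * root for good. Meant to run in the forked child, just before exec'ing
 * the service. Returns 0 on success, -1 on failure (errno set). */
int confine_and_drop(const char *jail, uid_t uid, gid_t gid)
{
    /* Refuse to leave a root identity inside the jail. */
    if (uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* Enter the directory first so the cwd never sits outside the new root. */
    if (chdir(jail) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;
    /* Order matters: supplementary groups, then gid, then uid. Once
     * setuid() has succeeded the process may no longer change groups. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining uid 0 must fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed values: jail path, ids and service path are placeholders. */
    if (confine_and_drop("/var/empty/constructed-jail", 65534, 65534) != 0) {
        perror("confine_and_drop");
        return 1;
    }
    execl("/bin/service", "service", (char *)NULL); /* resolved inside the jail */
    perror("execl");
    return 1;
}
```

Any failure must stop the child from exec'ing the service; continuing after a failed `setuid()` leaves a root process inside the jail.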