Date:      Mon,  7 Jan 2002 23:40:55 +0100 (CET)
From:      Matthias Andree <matthias.andree@web.de>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/33670: default inetd install allows for unlimited resource use
Message-ID:  <20020107224055.2124F2D328@freebsd.emma.line.org>


>Number:         33670
>Category:       bin
>Synopsis:       default inetd install allows for unlimited resource use
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 07 17:30:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 4.5-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD freebsd.emma.line.org 4.5-PRERELEASE FreeBSD 4.5-PRERELEASE #0: Thu Jan 3 16:41:15 CET 2002 root@freebsd.emma.line.org:/usr/src/sys/compile/M2A2 i386


	
>Description:
By default, FreeBSD runs inetd. While the FreeBSD implementation of
inetd has an outstanding feature set, regretfully, this is not used to
protect a system to the full extent.

Daniel J. Bernstein, like him or not, describes an attack on inetd,
http://cr.yp.to/docs/inetd.c, which can be refined and used against
FreeBSD.

However, unlike many other inetd implementations, FreeBSD's HAS the
ability to limit the total number of connections per service, by means
of the -c option, but this is not currently used.
	
>How-To-Repeat:
Connect, but do not release, connections just below the maximum
connect/minute rate.
	
>Fix:
I'm not sure if it's sufficient, but it looks as though changing
inetd_flags in /etc/defaults/rc.conf to "-wWc20" might help; no more
than 20 servers per service could be running at the same time.
	


>Release-Note:
>Audit-Trail:
>Unformatted:
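
Added example (not part of the original report and not FreeBSD's own code): a POSIX sh check that reads the effective inetd_flags from the rc.conf files and reports whether the -c limit proposed under >Fix: is set. The function names and the getopts option string are assumptions; the option string follows FreeBSD inetd(8) and may need adjusting for a given release.

```shell
#!/bin/sh
# Added example: audit inetd_flags for the -c limit (maximum number of
# simultaneous servers per service) discussed in the report.

# Print the -c value found in a flags string; print nothing if -c is absent.
# Assumption: the optstring mirrors FreeBSD inetd(8); adjust it per release.
# The body is a subshell "( )" so set -f and the positional parameters
# changed here do not leak into the caller.
inetd_child_limit() (
    set -f                      # no globbing while the flags are split
    # shellcheck disable=SC2086 # word splitting of the flags is intended
    set -- $1
    limit=""
    OPTIND=1
    while getopts ":dlwWa:c:C:p:R:s:" opt; do
        case "$opt" in
            c) limit="$OPTARG" ;;   # handles "-c 20", "-c20" and "-wWc20"
        esac
    done
    printf '%s' "$limit"
)

# Print the effective inetd_flags: defaults file first, then the override,
# so the override wins. rc.conf files are shell fragments, so they are
# sourced (inside a subshell); only point this at root-owned configuration.
effective_inetd_flags() (
    inetd_flags=""
    if [ -r "$1" ]; then . "$1"; fi
    if [ -r "$2" ]; then . "$2"; fi
    printf '%s' "$inetd_flags"
)

# Return 0 and report the cap if -c carries a number; otherwise return 1.
audit_inetd() {
    flags=$(effective_inetd_flags "$1" "$2")
    limit=$(inetd_child_limit "$flags")
    case "$limit" in
        ''|*[!0-9]*)
            echo "UNLIMITED: inetd_flags=\"$flags\" sets no -c limit"
            return 1 ;;
        *)
            echo "OK: inetd_flags=\"$flags\" caps each service at $limit servers"
            return 0 ;;
    esac
}
# Usage: audit_inetd /etc/defaults/rc.conf /etc/rc.conf
```

The -c value is a global default; a per-service limit set in inetd.conf is not examined by this check.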
