Date: Fri, 10 Feb 2023 10:35:39 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 269456] sshd stops accepting connections if tcp_wrapper is used
Message-ID: <bug-269456-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269456

            Bug ID: 269456
           Summary: sshd stops accepting connections if tcp_wrapper is used
           Product: Base System
           Version: 13.1-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: lampa@fit.vutbr.cz

Change in "sshd: update the libwrap patch to drop connections early"
46aaea6c19ef1f377936eede16b4bdb626421dd6 moved tcp wrapper actions into main
loop in sshd:

        for (i = 0; i < num_listen_socks; i++) {
                ...
                if (!hosts_access(&req)) {
                        ...
                }

If for any reason hosts_access() stalls (DNS lookup timeouts), it stops this
loop and sshd stops accepting any connections for some time (eventually
indefinitely if attacker is persistent).

It seems that dropping connections in main loop with tcp_wrapper is not a good
idea.

-- 
You are receiving this mail because:
You are the assignee for the bug.
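
The stall described in the report, as an added timing model (not code from sshd or from the reporter): a single-process accept loop that waits for each access check delays every later client by the sum of the earlier checks. The workload, the 30 s lookup timeout, the 1 ms hand-off cost and the per-connection-child placement of the check are assumptions made for illustration.

```c
/* Added example: timing model of a single-process accept loop. */
#include <stdio.h>

struct conn {
    long arrive_ms; /* arrival in the listen queue */
    long check_ms;  /* duration of the access check for this peer */
};

/* Constructed workload: three peers whose lookup times out after 30 s,
 * then one ordinary client whose lookup takes 5 ms. */
static const struct conn sample[] = {
    {0, 30000}, {100, 30000}, {200, 30000}, {300, 5},
};
enum { SAMPLE_N = sizeof(sample) / sizeof(sample[0]) };

/* Delay between arrival and accept() for the last connection in c[].
 * inline_check != 0: the loop itself waits for each check to finish.
 * inline_check == 0: the loop only pays handoff_ms and the check runs
 * in a per-connection child (assumed alternative placement). */
long last_accept_delay(const struct conn *c, int n, int inline_check,
                       long handoff_ms)
{
    long loop_free_at = 0, delay = 0;
    for (int i = 0; i < n; i++) {
        long accepted = c[i].arrive_ms > loop_free_at ? c[i].arrive_ms
                                                      : loop_free_at;
        delay = accepted - c[i].arrive_ms;
        loop_free_at = accepted + (inline_check ? c[i].check_ms : handoff_ms);
    }
    return delay;
}

int main(void)
{
    printf("check in accept loop: last client waits %ld ms\n",
           last_accept_delay(sample, SAMPLE_N, 1, 0));
    printf("check in child:       last client waits %ld ms\n",
           last_accept_delay(sample, SAMPLE_N, 0, 1));
    return 0;
}
```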