Date: Fri, 10 Feb 2023 10:35:39 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 269456] sshd stops accepting connections if tcp_wrapper is used
Message-ID: <bug-269456-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269456

            Bug ID: 269456
           Summary: sshd stops accepting connections if tcp_wrapper is used
           Product: Base System
           Version: 13.1-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: lampa@fit.vutbr.cz

Change in "sshd: update the libwrap patch to drop connections early"
46aaea6c19ef1f377936eede16b4bdb626421dd6 moved tcp wrapper actions into main
loop in sshd:

    for (i = 0; i < num_listen_socks; i++) {
    ...
        if (!hosts_access(&req)) {
    ...
    }

If for any reason hosts_access() stalls (DNS lookup timeouts), it stops this
loop and sshd stops accepting any connections for some time (eventually
indefinitely if attacker is persistent).

It seems that dropping connections in main loop with tcp_wrapper is not a good
idea.

-- 
You are receiving this mail because:
You are the assignee for the bug.
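The stall described in the report, as an added illustration that is not sshd code and not from the reporter: a constructed `slow_access_check()` stands in for a `hosts_access()` call blocked on a DNS timeout, and the program measures how long an accept-style loop is occupied when the check runs inline versus in a per-connection child process. The function names and the 200 ms delay are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

#define CHECK_DELAY_MS 200L  /* constructed stand-in for a slow DNS lookup */

static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Hypothetical access check: always allows, but blocks before answering. */
static int slow_access_check(void) {
    struct timespec d = { 0, CHECK_DELAY_MS * 1000000L };
    nanosleep(&d, NULL);
    return 1;
}

/* Check inside the loop: every pending connection waits behind all earlier
 * checks. Returns the milliseconds the loop was unable to accept. */
long loop_ms_inline(int nconn) {
    long start = now_ms();
    for (int i = 0; i < nconn; i++)
        (void)slow_access_check();
    return now_ms() - start;
}

/* Check in a per-connection child: the loop only pays for fork(). */
long loop_ms_forked(int nconn) {
    long start = now_ms();
    for (int i = 0; i < nconn; i++) {
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) _exit(slow_access_check() ? 0 : 1);
    }
    long busy = now_ms() - start;
    while (wait(NULL) > 0)  /* reap children after timing the loop */
        ;
    return busy;
}

int main(void) {
    printf("inline: loop busy %ld ms\n", loop_ms_inline(4));
    printf("forked: loop busy %ld ms\n", loop_ms_forked(4));
    return 0;
}
```

With the check inline, the time the loop cannot accept grows with the number of slow checks queued; with the check in the child, the loop stays responsive while each child waits on its own.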
