From owner-freebsd-security Sun Nov 3 15:31:54 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id PAA11673 for security-outgoing; Sun, 3 Nov 1996 15:31:54 -0800 (PST)
Received: from offensive.communica.com.au (offensive-eth1.adl.communica.com.au [192.82.222.18]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id PAA11006 for ; Sun, 3 Nov 1996 15:25:13 -0800 (PST)
Received: from communica.com.au (frenzy.communica.com.au [192.82.222.65]) by offensive.communica.com.au (8.7.6/8.7.3) with SMTP id JAA21657; Mon, 4 Nov 1996 09:55:23 +1030 (CST)
Received: by communica.com.au (4.1/SMI-4.1) id AA13474; Mon, 4 Nov 96 09:48:49 CDT
From: newton@communica.com.au (Mark Newton)
Message-Id: <9611032318.AA13474@communica.com.au>
Subject: Re: chroot() security
To: dev@trifecta.com (Dev Chanchani)
Date: Mon, 4 Nov 1996 09:48:49 +1030 (CST)
Cc: marcs@znep.com, freebsd-security@freebsd.org
In-Reply-To: from "Dev Chanchani" at Nov 3, 96 03:01:32 pm
X-Mailer: ELM [version 2.4 PL21]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Dev Chanchani wrote:

> > telnetd@192.168.0.1 : \
> >     .example.com : \
> >     rfc931 : severity auth.info : \
> >     twist = /usr/sbin/chroot /directory/to/chroot/to /usr/libexec/telnetd
>
> Trying this method, I am getting the error telnetd: all network ports in
> use.

You've probably installed tcpd with the "simple" option, which involves
replacing your daemons in /usr/libexec/ with a hard link to tcpd, which
knows where to find the "real" ones if a connection is permitted.

Hence, when you call /usr/libexec/telnetd in the example above, it ends
up running recursively. This is probably not what you want :-)

Try specifying the path to the "real" telnetd instead (the one in your
hide directory, which was configured into tcpd at compile time).

> I am sure all network ports are not in use :)

I'm willing to believe they are :-) (they'll be mostly in CLOSE_WAIT
though)

   - mark

---
Mark Newton                       Email: newton@communica.com.au
Systems Engineer                  Phone: +61-8-8373-2523
Communica Systems                 WWW:   http://www.communica.com.au
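
The reply above attributes the error to a twist command that names a path which is itself a hard link to tcpd. The following is an added example, not part of the original message, that checks a rules file for that condition; the function name `twist_targets_tcpd` and every path in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. All paths here are constructed.

# twist_targets_tcpd RULES TCPD
# Prints each program named in a "twist" command in RULES that is the same
# file as TCPD (same device and inode, which is what a hard link is).
# A program that follows "chroot DIR" is looked up under DIR, as chroot does.
twist_targets_tcpd() (
    rules=$1 tcpd=$2
    set -f                       # no globbing while splitting the command
    # "read" without -r joins the backslash-continued lines of one rule.
    while read line; do
        case $line in
            *twist*) cmd=${line#*twist} ;;
            *) continue ;;
        esac
        root=""; want_root=no
        for word in $cmd; do
            if [ "$want_root" = yes ]; then
                root=$word; want_root=no
                continue
            fi
            case $word in
                */chroot|chroot) want_root=yes ;;
                /*) if [ "$root$word" -ef "$tcpd" ]; then
                        printf '%s\n' "$root$word"
                    fi ;;
            esac
        done
    done < "$rules"
)

# Constructed demo: a "simple" install where telnetd is a hard link to tcpd.
demo=$(mktemp -d)
mkdir -p "$demo/libexec" "$demo/real"
echo wrapper > "$demo/libexec/tcpd"
ln "$demo/libexec/tcpd" "$demo/libexec/telnetd"
echo daemon > "$demo/real/telnetd"
printf 'telnetd : .example.com : \\\n  twist = %s\n' \
    "$demo/libexec/telnetd" > "$demo/hosts.allow"
twist_targets_tcpd "$demo/hosts.allow" "$demo/libexec/tcpd"  # prints the wrapped path
rm -rf "$demo"
```

An empty result means no twist target in the rules file is the wrapper itself; the `-ef` test compares device and inode, so it also catches a hard link placed inside the chroot tree.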