From owner-freebsd-security  Sat Sep 12 08:44:16 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA11988
          for freebsd-security-outgoing; Sat, 12 Sep 1998 08:44:16 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from baerenklau.de.freebsd.org (baerenklau.de.freebsd.org [195.185.195.14])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA11983
          for <security@freebsd.org>; Sat, 12 Sep 1998 08:44:13 -0700 (PDT)
          (envelope-from wosch@panke.de.freebsd.org)
Received: (from uucp@localhost)
	by baerenklau.de.freebsd.org (8.8.8/8.8.8) with UUCP id RAA23838
	for security@freebsd.org; Sat, 12 Sep 1998 17:44:00 +0200 (CEST)
	(envelope-from wosch@panke.de.freebsd.org)
Received: (from wosch@localhost)
	by campa.panke.de (8.8.8/8.8.8) id PAA01992
	for security@freebsd.org; Sat, 12 Sep 1998 15:05:23 +0200 (MET DST)
	(envelope-from wosch)
Message-ID: <19980912150521.A1985@panke.de>
Date: Sat, 12 Sep 1998 15:05:22 +0200
From: Wolfram Schneider <wosch@panke.de.freebsd.org>
To: security@FreeBSD.ORG
Subject: unlimited fingerd in /etc/inetd.conf
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.1i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I think we should not run an unlimited fingerd(8) from
inetd by default. With this patch inetd runs only 3 simultaneous
fingerd processes and limit the connections-per-ip-per-minute to 10.

Index: inetd.conf
===================================================================
RCS file: /usr/cvs/src/etc/inetd.conf,v
retrieving revision 1.29
diff -u -r1.29 inetd.conf
--- inetd.conf	1998/09/02 01:34:56	1.29
+++ inetd.conf	1998/09/12 12:57:13
@@ -8,7 +8,7 @@
 telnet	stream	tcp	nowait	root	/usr/libexec/telnetd	telnetd
 shell	stream	tcp	nowait	root	/usr/libexec/rshd	rshd
 login	stream	tcp	nowait	root	/usr/libexec/rlogind	rlogind
-finger	stream	tcp	nowait	nobody	/usr/libexec/fingerd	fingerd -s
+finger	stream	tcp	nowait/3/10 nobody /usr/libexec/fingerd	fingerd -s
 #exec	stream	tcp	nowait	root	/usr/libexec/rexecd	rexecd
 #uucpd	stream	tcp	nowait	root	/usr/libexec/uucpd	uucpd
 #nntp	stream	tcp	nowait	usenet	/usr/libexec/nntpd	nntpd

-- 
Wolfram Schneider <wosch@freebsd.org> http://www.freebsd.org/~w/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message