From owner-freebsd-bugs Mon Nov 4 13:50:14 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5738E37B404 for ; Mon, 4 Nov 2002 13:50:10 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id EB1C743E9E for ; Mon, 4 Nov 2002 13:50:01 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id gA4Lo1x3015294 for ; Mon, 4 Nov 2002 13:50:01 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id gA4Lo1eT015293; Mon, 4 Nov 2002 13:50:01 -0800 (PST) Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3851B37B401 for ; Mon, 4 Nov 2002 13:40:44 -0800 (PST) Received: from www.freebsd.org (www.freebsd.org [216.136.204.117]) by mx1.FreeBSD.org (Postfix) with ESMTP id C8E3343E8A for ; Mon, 4 Nov 2002 13:40:43 -0800 (PST) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.12.6/8.12.6) with ESMTP id gA4Leh7R042731 for ; Mon, 4 Nov 2002 13:40:43 -0800 (PST) (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.12.6/8.12.6/Submit) id gA4Leh6L042730; Mon, 4 Nov 2002 13:40:43 -0800 (PST) Message-Id: <200211042140.gA4Leh6L042730@www.freebsd.org> Date: Mon, 4 Nov 2002 13:40:43 -0800 (PST) From: Michele Possamai To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: misc/44894: as a local non-root user and remote it's possible to make telnet throw up. Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 44894 >Category: misc >Synopsis: as a local non-root user and remote it's possible to make telnet throw up. >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Nov 04 13:50:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Michele Possamai >Release: FreeBSD-4.7-STABLE >Organization: >Environment: FreeBSD tnt.yi.org 4.7-STABLE FreeBSD 4.7-STABLE #0: Thu Oct 17 21:43:25 CEST 2002 root@tnt.yi.org:/usr/src/sys/compile/SCORPIO i386 FreeBSD xs1.xs4all.nl 4.5-RELEASE-p19 FreeBSD 4.5-RELEASE-p19 #2: Mon Oct 21 01:50:10 CEST 2002 cor@xs0.xs4all.nl:/usr/src/sys/compile/XS4ALL-SMP i386 FreeBSD capricorn.tnt.intern 4.7-STABLE FreeBSD 4.7-STABLE #3: Thu Oct 10 20:25:13 CEST 2002 root@capricorn.tnt.intern:/usr/obj/usr/src/sys/CAPRICORN i386 FreeBSD mdv.xs4all.nl 4.6-STABLE FreeBSD 4.6-STABLE #2: Tue Aug 6 03:03:47 CEST 2002 3ewh2ep@mdv.xs4all.nl:/usr/obj/usr/src/sys/DOMINATOR i386 and probably more >Description: While expirimenting with C and sockets I accidently ran accross a little bitty bug. I just don't really know where the bug would be.. it's either in telnetd or in inetd. But when running the program I wrote locally as a normal user I was able to dissable telnet access for a while... It does not effect running sessions but new connections just act like there's no service running on that port anymore. I don't really know what's happening.. but I first figured it out on the network.. so remote is possible as well. but local is just a lot faster. The telnetd even really terminates with teh following message: inetd[88]: telnet/tcp server failing (looping), service terminated I know it's just telnet and it's not really a big deal. But I tryed a bsdi machine and it doesn't have the problem.. so it's not supposed to happen I guess.. >How-To-Repeat: I used the following code to crash it locally. just adjust the ip address to do it remote but it don't know how much bandwidth it needs.. /* code.c */ #include #include #include #include #define DEST_IP "127.0.0.1" #define DEST_PORT 23 main() { for (;;) { int sockfd; struct sockaddr_in dest_addr; sockfd = socket(AF_INET, SOCK_STREAM, 0); dest_addr.sin_family = AF_INET; dest_addr.sin_port = htons(DEST_PORT); dest_addr.sin_addr.s_addr = inet_addr(DEST_IP); memset(&(dest_addr.sin_zero), '\0', 8); connect(sockfd, (struct sockaddr *)&dest_addr, sizeof(struct sockaddr)); } } /* end of code */ >Fix: disable telnet.. it's better to use ssh anyway.. (don't know if other inetd processes might act the same as telnetd though..) for a real fix: I don't even know what I wrote to crash it.. so I definatly don't know how to fix it >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message