Date: Fri, 25 May 2001 14:38:21 +0100
From: David Malone
To: Jeremy Chadwick
Cc: freebsd-bugs@FreeBSD.org
Subject: Re: bin/27636: inetd's internal "auth" service exploits possible bug
Message-ID: <20010525143821.A95198@walton.maths.tcd.ie>

On Fri, May 25, 2001 at 06:10:03AM -0700, Jeremy Chadwick wrote:
> True; I'm hearing you on FM. However, there's a whole slew
> of available error codes for reporting something much more
> proper, in errno.h. Something gives me the impression (and I
> could be flat-out wrong with this assumption) that the author
> of the kernel code chose ENOENT because it was quick-and-dirty.
> As I don't have any idea what the kernel code actually *does*, I
> suppose I'm out on a limb.

As far as I know the kernel is telling you that it can't find any
info about the connection you asked for. ENOENT seems to be about
the best errno for this. EADDRNOTAVAIL is close, but probably further
from being correct than ENOENT.

> Here's the best part: the sysctl variable *DOES* indeed exist.
> Herein lies the magic:

There are lots of magic sysctl variables for dredging odd info out
of the kernel. Very few of them are documented - the ident service
and this sysctl are not exceptional here. You'll find a few more
similar ones in libkvm too I think.

> I find this very peculiar. I am led to believe that basically
> the results of a sysctlbyname(3) call on the entry for
> net.inet.[tcp|udp].getcred are supposed to contain the UID of
> the owner of the socket. I'm not quite sure *WHY* sysctl was
> chosen for this, but I digress...

There has been a general push to stop people poking around in the
kernel's address space for things like ps, vmstat, and ident. The
preferred option now is to use magic sysctls for this.

> the entire sysctl variable itself seems special. I'm totally
> unsure either way; I just know pidentd does the same call and
> does not have this problem.

I'd guess it just reports the error in a different way.

> I believe inetd should be returning "NO-USER" in this case.

According to the RFC we shouldn't be returning errno messages anyway.
I'll see what can be done. I'm doing some cleanups to the ident
code at the moment anyway.

	David.
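
Added example (not part of the original message and not inetd's code): one way an ident responder can answer with the error tokens RFC 1413 defines instead of an errno string, so a failed credential lookup such as the ENOENT discussed in this thread reaches the client as NO-USER. The function names are hypothetical, and the errno of the lookup is passed in as a parameter rather than obtained from the getcred sysctl, so the code runs on any system.

```c
/* Added example (not inetd's code): RFC 1413 replies without errno text. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Map the errno of a failed credential lookup to an RFC 1413 error token. */
static const char *ident_error_token(int err)
{
    /* ENOENT: the kernel has no record of the connection, so no user. */
    return err == ENOENT ? "NO-USER" : "UNKNOWN-ERROR";
}

static int port_ok(int p) { return p >= 1 && p <= 65535; }

/*
 * Build the reply to one request line "<server-port> , <client-port>".
 * lookup_err is 0 when the lookup succeeded (user is then the owner's name),
 * otherwise the errno it failed with. Returns the reply length, or -1 when
 * the request is unparseable or buf is too small (this example's choice:
 * the caller then closes the connection without answering).
 */
int ident_build_reply(char *buf, size_t len, const char *request,
                      int lookup_err, const char *user)
{
    int lport, fport, n;
    char extra;

    /* %5d caps each field at five characters, so conversion cannot overflow. */
    if (sscanf(request, " %5d , %5d %c", &lport, &fport, &extra) != 2)
        return -1;
    if (!port_ok(lport) || !port_ok(fport))
        n = snprintf(buf, len, "%d , %d : ERROR : INVALID-PORT\r\n", lport, fport);
    else if (lookup_err != 0 || user == NULL)
        n = snprintf(buf, len, "%d , %d : ERROR : %s\r\n", lport, fport,
                     ident_error_token(lookup_err));
    else
        n = snprintf(buf, len, "%d , %d : USERID : UNIX : %s\r\n", lport, fport, user);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

int main(void)
{
    char out[128];
    /* Constructed request; ENOENT stands in for the failed lookup in the thread. */
    if (ident_build_reply(out, sizeof out, "6191, 23\r\n", ENOENT, NULL) > 0)
        fputs(out, stdout);
    return 0;
}
```

Any errno other than ENOENT collapses to UNKNOWN-ERROR, so the remote side learns nothing about why the lookup failed.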