Bug 11548 - inetd improperly handles internal services
Summary: inetd improperly handles internal services
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: inetd
Version: 1.0
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact:
URL:
Whiteboard:
Duplicates: 10786 13636 14876
Depends On:
Blocks:
 
Reported: 2000-05-21 09:18 UTC by Michael Tokarev
Modified: 2008-05-01 15:37 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2000-07-22 21:38:16 UTC
Embargoed:


Attachments
inetd internal services CLOSE_WAIT bug patch (191 bytes, patch)
2000-07-22 21:38 UTC, Pekka Savola

Description Michael Tokarev 2000-05-21 09:18:56 UTC
inetd-0.16-5.
When using (and allowing in inetd.conf) services internally
implemented by inetd, e.g. time service (echo etc):

time    stream  tcp     nowait  root    internal

Each "rdate host" will leave one connection (from netstat):

tcp 1 0 localhost:time  localhost:4680 CLOSE_WAIT

These connections will disappear only after restarting inetd.
There is a file descriptor (socket) leak somewhere in inetd.

This bug is not of very high priority (as marked by me), since these
services are disabled by default, but it is really high where they are
used.

Comment 1 Pekka Savola 2000-07-22 21:31:53 UTC
*** Bug 13636 has been marked as a duplicate of this bug. ***

Comment 2 Pekka Savola 2000-07-22 21:38:14 UTC
Created attachment 1470
inetd internal services CLOSE_WAIT bug patch

Comment 3 Pekka Savola 2000-07-22 21:41:00 UTC
The fix is official from Netkit maintainer (reported along with a slightly
different one some time ago).

Inetd will be replaced by xinetd (see Rawhide), but the patch is attached if
it's of any use.


Comment 4 Pekka Savola 2000-07-22 21:43:10 UTC
*** Bug 10786 has been marked as a duplicate of this bug. ***

Comment 5 Pekka Savola 2000-08-07 08:10:49 UTC
*** Bug 14876 has been marked as a duplicate of this bug. ***

Comment 6 Pekka Savola 2000-08-22 21:08:17 UTC
*** Bug 16729 has been marked as a duplicate of this bug. ***

Comment 7 Karl Hakimian 2000-08-23 14:28:33 UTC
I disagree with your decision not to fix the inetd problem. Mind you, I
patched the source, created a new RPM and updated all my machines before
reporting bug #16729 so this is not for my convenience that I am taking
exception to your decision.

My reasons for disagreeing are as follows:

1) The statement that later versions of RedHat will be using xinetd
instead does not fix the problem in your current version. Someone using
the current version gains no benefit from these fixes.

2) After thinking more about this bug, I realized that I should have
reported it as a security bug since it makes a denial of service attack
on a machine using the internal services very easy. It does not even
require a fast connection, just request the time service from a host
serving it up a few thousand times over a week or so and that server is
in trouble.

3) It is not uncommon for a site to activate the time and/or daytime
service to monitor and/or synchronize time on machines. This practice
will cause said machines problems over time even without a malicious
user helping them along.

Since you posted a patch in bug report #11548, I can't understand why
you did not also post a new RPM.

RedHat's decision to not release a new RPM for a potential security
problem can't look good for RedHat specifically or Linux in general.


Comment 8 Michael Tokarev 2000-08-25 14:32:48 UTC
I'm not sure if this bug exists in prior versions of inetd,
as shipped in official redhat distributions (6.x).
If it does not exist there then it is "ok" for redhat
to "WONT FIX" it in rawhide (there is no inetd package in
rawhide now).  Unfortunately.
BTW, "do it yourself", that is. :(
But I see that bug reported for 6.2 also, so probably it exists
there too.  This way, that "RESOLVED DUPLICATE" should be reopened,
and a patch (new rpm) should be put in updates/ for 6.2 (others?),
but not for rawhide.

Comment 9 Karl Hakimian 2000-08-25 14:39:03 UTC
The bug report I turned in was for 6.2. I objected here because my bug
report was closed as a duplicate of this.

I agree that there is no need to fix rawhide. I also agree that 6.2
should be fixed.

Should I object on my original bug report as well?




Comment 10 Michael Tokarev 2000-08-25 15:17:43 UTC
Probably you should (I can't change anything there, as
you can't here :) ) -- if that can help...
And you can change severity/priority for your bug report.

Comment 11 Pekka Savola 2000-08-25 15:27:34 UTC
These bugs affect all inetd versions 0.16 and 0.17pre as far as I know.  I think it's Red Hat 6.2 - some Rawhide.

The point is, very few inetd users do use internal services (I'd say less than 0.1% in my experience).  Even though there's a serious
flaw in that functionality, I don't think it's worth issuing a bugfix package; it really doesn't matter for most people anyway.

This is a generic issue, but have you seen other Linuxes, or *BSD, for that matter issue a special bugfix? No.  If _all_ services were
affected, there would surely be a fix for this.

There are just too many bugs in all releases that'd warrant a bugfix release if this was the policy :-(

Comment 12 Karl Hakimian 2000-08-25 15:55:17 UTC
The maintainer of inetd has issued a patch. RedHat has made the patch
available. To patch and create a new RPM takes less than 5 minutes (for
someone who knows how). I don't understand why RedHat stopped.

Comment 13 Pekka Savola 2000-08-25 16:03:34 UTC
Please do a query in bugzilla for "6.2" - "resolved" - "rawhide".

452 bugs fixed for the next release.

Almost all of these bugs could be fixed in 6.2 too.  Patches are
available.

Be realistic.  This just can't be.  

The only real justification IMO for an update would be that inetd
is going to be obsoleted and it can't just be easily rebuilt from 
RH7.0.

Comment 14 Karl Hakimian 2000-08-25 16:11:59 UTC
If this were a matter of a broken or missing feature, I would be
"reasonable". Since this is a potential security problem (DOS on any
machine using an internal inetd server) I still think a fixed RPM needs
to be posted.

Again, I'd like to point out that MY problem is solved. I simply think
RedHat needs to fix this for other people.

If you'd like to continue arguing (I always enjoy a good argument. :-) )
we should either move this to bugreport 16729 or private email.


Comment 15 Jon Rifkin 2000-09-05 14:16:07 UTC
My campus time server stopped serving time to rdate clients because of this
problem, I am using RH6.2.  A couple of rogue clients sent requests every
few minutes and netstat -t reported about 1000 hung connections after which
no more connections were added.  My RH6.1 machine did not seem to have the
same problem.

WORK AROUND--
To 'fix' the problem quickly, I wrote the following simple time serving
program.  Everything now appears to be working OK

#include <stdio.h>
#include <time.h>
#include <netinet/in.h>
/* Number of seconds from Jan 1, 1900 to Jan 1, 1970  */
#define OFFSET 2208988800U
int main () {
        unsigned int t = htonl( time(NULL) + OFFSET);
        fwrite (&t, sizeof(t), 1, stdout);
        return 0;
}

compiled and saved it in /usr/local/sbin/ptime and replaced the
time line in /etc/inetd.conf with

time  stream   tcp   nowait   root  /usr/local/sbin/ptime ptime
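
Added example, not part of the original bug thread: a shell function that counts CLOSE_WAIT sockets per local service from netstat -t output, the symptom shown in the description and in comment 15. The function names, the sample input and the threshold of 100 in the usage comment are constructed for illustration.

```shell
#!/bin/sh
# Flag local services that are accumulating CLOSE_WAIT sockets.
# Input format (netstat -t): Proto Recv-Q Send-Q Local Foreign State

# close_wait_report THRESHOLD   (reads netstat output on stdin)
# Prints "<local-service> <count>" for each local port or service name
# whose CLOSE_WAIT count is >= THRESHOLD, highest count first.
close_wait_report() {
    awk -v min="$1" '
        # Only TCP rows with all six columns; skips headers and UDP rows.
        $1 ~ /^tcp/ && NF >= 6 && $6 == "CLOSE_WAIT" {
            svc = $4
            sub(/^.*:/, "", svc)   # keep text after the last colon (IPv6 safe)
            count[svc]++
        }
        END {
            for (s in count)
                if (count[s] >= min) print s, count[s]
        }
    ' | sort -k2,2nr -k1,1
}

# Constructed sample input modelled on the line quoted in the description.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        1      0 localhost:time          localhost:4680          CLOSE_WAIT
tcp        1      0 localhost:time          localhost:4681          CLOSE_WAIT
tcp        1      0 localhost:time          localhost:4682          CLOSE_WAIT
tcp        0      0 localhost:ssh           localhost:4700          ESTABLISHED
tcp        1      0 localhost:daytime       localhost:4690          CLOSE_WAIT
tcp6       1      0 ::1:37                  ::1:4691                CLOSE_WAIT
EOF
}

# Live use (threshold is an assumed value): netstat -t | close_wait_report 100
sample_netstat | close_wait_report 2     # prints: time 3
```

A count that only grows between runs and resets when inetd is restarted matches the behaviour reported in this bug.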



