inetd-0.16-5. When using (and allowing in inetd.conf) services internally implemented by inetd, e.g. the time service (echo etc.):

    time stream tcp nowait root internal

each "rdate host" will leave one connection (from netstat):

    tcp 1 0 localhost:time localhost:4680 CLOSE_WAIT

These connections will disappear only after restarting inetd. There is a file descriptor (socket) leak somewhere in inetd. This bug is not of very high priority (as marked by me), since these services are disabled by default, but is really high where they are used.
*** Bug 13636 has been marked as a duplicate of this bug. ***
Created attachment 1470: inetd internal services CLOSE_WAIT bug patch
The fix is official, from the Netkit maintainer (reported along with a slightly different one some time ago). Inetd will be replaced by xinetd (see Rawhide), but the patch is attached if it's of any use.
*** Bug 10786 has been marked as a duplicate of this bug. ***
*** Bug 14876 has been marked as a duplicate of this bug. ***
*** Bug 16729 has been marked as a duplicate of this bug. ***
I disagree with your decision not to fix the inetd problem. Mind you, I patched the source, created a new RPM and updated all my machines before reporting bug #16729, so it is not for my convenience that I am taking exception to your decision. My reasons for disagreeing are as follows:

1) The statement that a later version of RedHat will be using xinetd instead does not fix the problem in your current version. Someone using the current version gains no benefit from these fixes.

2) After thinking more about this bug, I realized that I should have reported it as a security bug, since it makes a denial of service attack on a machine using the internal services very easy. It does not even require a fast connection; just request the time service from a host serving it up a few thousand times over a week or so and that server is in trouble.

3) It is not uncommon for a site to activate the time and/or daytime service to monitor and/or synchronize time on machines. This practice will cause said machines problems over time even without a malicious user helping them along.

Since you posted a patch in bug report #11548, I can't understand why you did not also post a new RPM. RedHat's decision to not release a new RPM for a potential security problem can't look good for RedHat specifically or Linux in general.
I'm not sure if this bug exists in prior versions of inetd, as shipped in official redhat distributions (6.x). If it does not exist there then it is "ok" for redhat to "WONT FIX" it in rawhide (there is no inetd package in rawhide now). Unfortunately. BTW, "do it yourself", that is. :( But I see that bug reported for 6.2 also, so probably it exists there too. This way, that "RESOLVED DUPLICATE" should be reopened, and a patch (new rpm) should be put in updates/ for 6.2 (others?), but not for rawhide.
The bug report I turned in was for 6.2. I objected here because my bug report was closed as a duplicate of this. I agree that there is no need to fix rawhide. I also agree that 6.2 should be fixed. Should I object on my original bug report as well?
Probably you should (I can't change anything there, as you can't here :) ) -- if that can help... And you can change severity/priority for your bug report.
These bugs affect all inetd versions 0.16 and 0.17pre as far as I know. I think it's Red Hat 6.2 - some Rawhide. The point is, very few inetd users do use internal services (I'd say less than 0.1% in my experience). Even though there's a serious flaw in that functionality, I don't think it's worth issuing a bugfix package; it really doesn't matter for most people anyway. This is a generic issue, but have you seen other Linuxes, or *BSD, for that matter issue a special bugfix? No. If _all_ services were affected, there would surely be a fix for this. There are just too many bugs in all releases that'd warrant a bugfix release if this was the policy :-(
The maintainer of inetd has issued a patch. RedHat has made the patch available. To patch and create a new RPM takes less than 5 minutes (for someone who knows how). I don't understand why RedHat stopped.
Please do a query in bugzilla for "6.2" - "resolved" - "rawhide". 452 bugs fixed for the next release. Almost all of these bugs could be fixed in 6.2 too. Patches are available. Be realistic. This just can't be. The only real justification IMO for an update would be that inetd is going to be obsoleted and it can't just be easily rebuilt from RH7.0.
If this were a matter of a broken or missing feature, I would be "reasonable". Since this is a potential security problem (DOS on any machine using an internal inetd server) I still think a fixed RPM needs to be posted. Again, I'd like to point out that MY problem is solved. I simply think RedHat needs to fix this for other people. If you'd like to continue arguing (I always enjoy a good argument. :-) ), we should either move this to bug report 16729 or private email.
My campus time server stopped serving time to rdate clients because of this problem; I am using RH6.2. A couple of rogue clients sent requests every few minutes and netstat -t reported about 1000 hung connections, after which no more connections were added. My RH6.1 machine did not seem to have the same problem.

WORK AROUND-- To 'fix' the problem quickly, I wrote the following simple time serving program. Everything now appears to be working OK.

    #include <stdio.h>
    #include <time.h>
    #include <netinet/in.h>

    /* Number of seconds from Jan 1, 1900 to Jan 1, 1970 */
    #define OFFSET 2208988800U

    int main ()
    {
        /* 32-bit seconds since 1900, in network byte order */
        unsigned int t = htonl( time(NULL) + OFFSET);

        /* inetd connects stdout to the client socket */
        fwrite (&t, sizeof(t), 1, stdout);
        return 0;
    }

Compiled and saved it in /usr/local/sbin/ptime and replaced the time line in /etc/inetd.conf with

    time stream tcp nowait root /usr/local/sbin/ptime ptime
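A monitoring check for the symptom reported in this thread, as an added example that is not part of any comment above and is not Red Hat's or the inetd maintainer's code: it counts CLOSE_WAIT sockets per local port in `netstat -tn` output and reports ports at or above a threshold. The function names, the threshold argument and the sample lines (documentation addresses; port 37 is time, 13 is daytime) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tn` output: leaked sockets on ports 37
# and 13 next to one healthy ssh connection.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        1      0 127.0.0.1:37            127.0.0.1:4680          CLOSE_WAIT
tcp        1      0 127.0.0.1:37            127.0.0.1:4681          CLOSE_WAIT
tcp        1      0 192.0.2.10:37           192.0.2.55:1042         CLOSE_WAIT
tcp        0      0 192.0.2.10:22           192.0.2.77:51514        ESTABLISHED
tcp        1      0 192.0.2.10:13           192.0.2.55:1043         CLOSE_WAIT
EOF
}

# close_wait_by_port [THRESHOLD]
# Reads netstat output on stdin and prints "port count" for every local
# port holding at least THRESHOLD (default 1) sockets in CLOSE_WAIT, i.e.
# the peer has closed but the local process never closed its descriptor.
close_wait_by_port() {
    awk -v min="${1:-1}" '
        $1 ~ /^tcp/ && $NF == "CLOSE_WAIT" {
            n = split($4, part, ":")   # local address; port is the last piece
            count[part[n]]++
        }
        END {
            for (p in count)
                if (count[p] >= min) print p, count[p]
        }' | sort -n
}

# Live use on a host (hypothetical threshold of 50):
#   netstat -tn | close_wait_by_port 50
sample_netstat | close_wait_by_port 2
```

A count that only grows between runs and resets when inetd is restarted matches the leak described in the original report.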