Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 71538 - libwrap causes unexpected failures / denial of service
libwrap causes unexpected failures / denial of service
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: xinetd (Show other bugs)
7.2
All Linux
medium Severity high
: ---
: ---
Assigned To: Trond Eivind Glomsrxd
Brock Organ
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-08-14 17:26 EDT by ae
Modified: 2007-04-18 12:45 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-08-14 17:30:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description ae 2002-08-14 17:26:35 EDT 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/0

Description of problem:
I worked with tftp but this seems general.
If a client's ip does not resolve, then tftp does not start.
Error text is "libwrap refused connection to tftp from ...."
If "instances = UNLIMITED" and/or "per_source = UNLIMITED"
are ineffective (and they are in xinetd from 7.2 but seem
correct in xinetd-2.3.7-1), then the tftp service is lost.
Error text is "tftp service was deactivated because of looping".
If they ARE effective, then still no joy, and you pound syslogd.

Removing "only_from" expressions did not help.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.have on hand a tftp client whose ip does not resolve.
2.arrange for a dhcpd.conf entry for it, so that it will then
  attempt a tftp from linux box.
3.activate tftp on linux
4.connect the client machine to the net let it boot.

Actual Results:  tftp service is disrupted.

Additional info:

This likely of high interest to LTSP project.
Comment 1 ae 2002-08-14 17:30:12 EDT 
As a workaround (tested in xinetd-2.3.7-1) say
     flags = NOLIBWRAP
which I suppose makes your "only_from" lines useless,
and access control becomes an ipchains problem.
Comment 2 Trond Eivind Glomsrxd 2002-08-15 15:46:21 EDT 
No, NOLIBWRAP deals with /etc/hosts.{allow,deny}, not only_from.

Anyway, 2.3.7 is what is in rawhide currently..
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.