
Advice on inetd Denial of Service Bug



Hello world,

inetd currently has a bug (Bug#60770) whereby internal services (in
particular discard/tcp) that fork don't close their inherited listening
sockets. This means that if:

	* attacker@naughty.org telnets to debian.victim.com port 9
	  (discard/sink/null)

	* subsequently root@debian.victim.com either upgrades netbase,
	  or manually stops and restarts inetd

...then inetd will quietly fail to start, and none of the inetd services
will continue to be available. Note that this is dependent on the *old*
version of inetd, not the new one being upgraded to.

I have a fix for the bug in my local source tree, but that still leaves a
window open for people upgrading from slink to potato, whereby they can
be DoSed until the admin notices and kills the offending -discard/inetd
process (or the system reboots, whatever).

Unfortunately I can't think of a reasonable way of checking for this
in the preinst. The shell code I posted to the bug report works okay
for testing, but it'll report existing connections that are perfectly
reasonable, rather than just programs listening where they shouldn't be,
so it's not particularly good for sticking in a preinst and randomly
killing processes. It also depends on an optional package, which ain't
good.

Ideas? Or should I just forget it, and let people doing an upgrade look
out for themselves?

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.

 ``The thing is: trying to be too generic is EVIL. It's stupid, it 
        results in slower code, and it results in more bugs.''
                                        -- Linus Torvalds
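The failure mode described in the message, reproduced as an added example; this is not code from the original post or from Debian's inetd. A listener is bound the way inetd does it (SO_REUSEADDR plus listen), an "attacker" client connects, and a child is forked to serve the connection as a discard sink. With close_inherited set to 0 the child keeps the inherited listening descriptor (the bug); with 1 it closes it first (the fix). The parent then closes its own copy, which stands in for stopping inetd, and tries to bind the same port again, which stands in for starting the new one. The port number, the loopback address, the pipe used to order the child's close before the parent's rebind, and the function names are all assumptions made for the demonstration.

```c
/* Added example (not Debian's inetd code): does a forked internal service
 * that keeps the inherited listening socket block a restart of the parent?
 * Assumes POSIX sockets on 127.0.0.1; port 0 lets the kernel pick a port. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bind and listen the way inetd does (SO_REUSEADDR so established
 * connections from an earlier instance do not block a restart).
 * On success returns the fd and stores the bound port in *out_port. */
static int make_listener(unsigned short port, unsigned short *out_port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int on = 1, saved;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 5) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        saved = errno; close(fd); errno = saved;   /* keep EADDRINUSE visible */
        return -1;
    }
    if (out_port) *out_port = ntohs(sa.sin_port);
    return fd;
}

/* The "attacker" side: one idle TCP connection to the service port. */
static int connect_client(unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    return fd;
}

/* Forked discard/tcp service: read and drop until the peer goes away.
 * close_inherited == 1 is the fix (drop the listener we inherited). */
static void discard_child(int listen_fd, int conn_fd, int ready_fd, int close_inherited)
{
    char buf[512];
    if (close_inherited)
        close(listen_fd);
    if (write(ready_fd, "x", 1) < 0)   /* demo-only sync: parent may now rebind */
        _exit(1);
    close(ready_fd);
    while (read(conn_fd, buf, sizeof buf) > 0)
        ;                               /* discard */
    _exit(0);
}

/* Returns 1 if the restarted "inetd" could bind the port again,
 * 0 if bind failed with EADDRINUSE, -1 on any unrelated error. */
int restart_survives(int close_inherited)
{
    unsigned short port;
    int sync[2], conn, client, again, result;
    char c;
    pid_t pid;
    int listen_fd = make_listener(0, &port);
    if (listen_fd < 0) return -1;
    client = connect_client(port);
    if (client < 0) { close(listen_fd); return -1; }
    conn = accept(listen_fd, NULL, NULL);
    if (conn < 0 || pipe(sync) < 0) { close(client); close(listen_fd); return -1; }
    pid = fork();
    if (pid < 0) { close(conn); close(client); close(listen_fd); return -1; }
    if (pid == 0) {
        close(sync[0]); close(client);
        discard_child(listen_fd, conn, sync[1], close_inherited);
    }
    close(sync[1]); close(conn);
    if (read(sync[0], &c, 1) != 1) result = -1;   /* wait for the child's decision */
    close(sync[0]);
    close(listen_fd);                              /* "stop inetd" */
    again = make_listener(port, NULL);             /* "start inetd" on the same port */
    if (again >= 0) { result = 1; close(again); }
    else result = (errno == EADDRINUSE) ? 0 : -1;
    close(client);                                 /* attacker hangs up; child exits */
    waitpid(pid, NULL, 0);
    return result;
}

int main(void)
{
    printf("child keeps inherited listener: restart %s\n",
           restart_survives(0) == 1 ? "ok" : "fails (EADDRINUSE)");
    printf("child closes inherited listener: restart %s\n",
           restart_survives(1) == 1 ? "ok" : "fails (EADDRINUSE)");
    return 0;
}
```

The point the example makes concrete is that SO_REUSEADDR is not enough: it lets a new listener coexist with the leftover established connection, but not with a second socket that is still in LISTEN state, which is exactly what the forked child is holding. Setting FD_CLOEXEC on the listening sockets would not help either, since an internal service never execs; the child has to close them explicitly.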


