Bug#35166: marked as done (xinetd SD1 patch (security fixes and new features))



Your message dated Sun, 26 Dec 1999 20:46:22 +0100
with message-id <19991226204622.A1535@jagor.srce.hr>
and subject line latest xinetd Debian package (2.1.8.7) fixes these problems
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Darren Benham
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 28 Mar 1999 15:36:32 +0000
Received: (qmail 2062 invoked from network); 28 Mar 1999 15:36:31 -0000
Received: from rulway.leidenuniv.nl (132.229.8.6)
  by master.debian.org with SMTP; 28 Mar 1999 15:36:31 -0000
Received: from lightning.mors.net (root@home023.wi.leidenuniv.nl [132.229.210.151])
	by rulway.leidenuniv.nl (8.9.1/8.9.1) with ESMTP id RAA14740;
	Sun, 28 Mar 1999 17:36:30 +0200 (MET DST)
Received: (from wichert@localhost)
	by lightning.mors.net (8.9.3/8.9.3/Debian/GNU) id RAA02668;
	Sun, 28 Mar 1999 17:02:28 +0200
Date: Sun, 28 Mar 1999 17:02:28 +0200
From: Wichert Akkerman <wichert@cs.leidenuniv.nl>
To: Solar Designer <solar@false.com>, submit@bugs.debian.org
Subject: Re: xinetd
Message-ID: <19990328170228.I1786@cs.leidenuniv.nl>
References: <199903262049.XAA28939@false.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: <199903262049.XAA28939@false.com>; from Solar Designer on Fri, Mar 26, 1999 at 11:49:47PM +0300

Package: xinetd
Severity: normal

Since you already mentioned Debian we might as well file it as a
bug report for the package :)

Norbert, can you check this patch and include it in the package?

Wichert.

Previously Solar Designer wrote:
> Hi,
> 
> I've finally decided to post the URL for my xinetd patch, that I've
> been running here for a month now.  I didn't really audit xinetd, but
> did quite a few security-related improvements, including adding new
> features.  I think that the patch should be incorporated into those
> used by various Linux distributions, such as Debian.  Get it at:
> 
> ftp://ftp.dataforce.net/pub/solar/xinetd-2.2.1-SD1.diff
> 
> Changes to the existing code:
> 
> 1. Supplementary groups are now dropped by default instead of setting
> them according to /etc/group.  The old behavior was dangerous, as root
> is usually a member of multiple groups and some daemons don't reset
> them even when dropping to the authenticated user.
> 
> 2. On a SIGHUP, writes to /var/run/xinetd.dump, not /tmp/xinetd.dump.
> 
> 3. A theoretical race condition (found by accident, I didn't audit the
> code) is fixed.
> 
> New features:
> 
> 1. Per-source-address session count limits, separate for each service.
> The option is "per_source" (works in the defaults section, too).  Its
> usage is similar to the "instances" option.
> 
> 2. New option for services: "groups = yes" can be used to enable the
> old behavior for supplementary groups.
> 
> 3. The ability to pass server arguments starting with argv[0], via the
> added "server_args0" option.
> 
> Other changes that should preferably be done if including the patch
> in a distribution, but that I don't have the time for:
> 
> 1. Update the documentation to cover the new features.
> 
> 2. Update the "itox" utility to make it use "server_args0" instead of
> just throwing away all "tcpd" calls.  Also make it recognize groups in
> inetd.conf (such as "talkd.tty") and generate the corresponding xinetd
> options ("group = tty" for the above example).
> 
> It would be nice if someone could do those as well, but I think that
> the patch is already useful enough to be worth including even in its
> current state.
> 
> Signed,
> Solar Designer
> 

-- 
==============================================================================
This combination of bytes forms a message written to you by Wichert Akkerman.
E-Mail: wakkerma@cs.leidenuniv.nl
WWW: http://www.wi.leidenuniv.nl/~wichert/
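
The "per_source" feature described in the quoted message (a session count limit per source address, kept separately for each service) can be sketched as below. This is an added example, not code from the SD1 patch or from xinetd. The names `struct service`, `session_open`, `session_close`, `MAX_SOURCES` and `UNLIMITED` are hypothetical, addresses are plain IPv4 values, and the sample address is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SOURCES 64   /* table size, chosen for this example */
#define UNLIMITED  (-1)  /* no per_source limit configured */

/* One table per service: sessions are counted separately for each service. */
struct source_slot { uint32_t addr; int sessions; };  /* sessions == 0: free */
struct service { int per_source; struct source_slot slots[MAX_SOURCES]; };

static struct source_slot *find_slot(struct service *s, uint32_t addr, int create) {
    struct source_slot *free_slot = NULL;
    for (size_t i = 0; i < MAX_SOURCES; i++) {
        struct source_slot *p = &s->slots[i];
        if (p->sessions > 0 && p->addr == addr)
            return p;                    /* address already has live sessions */
        if (p->sessions == 0 && free_slot == NULL)
            free_slot = p;               /* remember the first reusable slot */
    }
    if (create && free_slot != NULL)
        free_slot->addr = addr;
    return create ? free_slot : NULL;
}

/* A connection arrives: return 1 to start the server, 0 to refuse. */
int session_open(struct service *s, uint32_t addr) {
    if (s->per_source == UNLIMITED)
        return 1;
    struct source_slot *p = find_slot(s, addr, 1);
    if (p == NULL || p->sessions >= s->per_source)
        return 0;                        /* limit reached or table full: fail closed */
    p->sessions++;
    return 1;
}

/* The server for that connection exited: release its count. */
void session_close(struct service *s, uint32_t addr) {
    struct source_slot *p = find_slot(s, addr, 0);
    if (p != NULL)
        p->sessions--;                   /* slot becomes reusable at zero */
}

int main(void) {
    struct service svc = { .per_source = 2 };
    uint32_t src = 0xC0000201u;          /* 192.0.2.1, constructed sample */
    for (int i = 1; i <= 3; i++)
        printf("connection %d: %s\n", i, session_open(&svc, src) ? "accepted" : "refused");
    return 0;
}
```

The count has to be released whenever a server process for that source exits; a missed release leaves the address locked out once it reaches the limit.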
---------------------------------------
Received: (at 35166-done) by bugs.debian.org; 26 Dec 1999 19:46:29 +0000
Received: (qmail 30109 invoked from network); 26 Dec 1999 19:46:27 -0000
Received: from jagor.srce.hr (jrodin@161.53.2.130)
  by master.debian.org with SMTP; 26 Dec 1999 19:46:27 -0000
Received: (from jrodin@localhost)
	by jagor.srce.hr (8.9.0/8.9.0) id UAA01751;
	Sun, 26 Dec 1999 20:46:22 +0100 (MET)
Date: Sun, 26 Dec 1999 20:46:22 +0100
From: Josip Rodin <jrodin@public.srce.hr>
To: 31500-done@bugs.debian.org, 35166-done@bugs.debian.org,
        36809-done@bugs.debian.org, 37134-done@bugs.debian.org,
        38361-done@bugs.debian.org, 41386-done@bugs.debian.org,
        41568-done@bugs.debian.org, 43161-done@bugs.debian.org,
        44099-done@bugs.debian.org, 44529-done@bugs.debian.org,
        44537-done@bugs.debian.org, 45602-done@bugs.debian.org,
        46572-done@bugs.debian.org, 46603-done@bugs.debian.org,
        49398-done@bugs.debian.org, 49438-done@bugs.debian.org
Subject: latest xinetd Debian package (2.1.8.7) fixes these problems
Message-ID: <19991226204622.A1535@jagor.srce.hr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95i

Hi people, 

All these problems you reported against Debian xinetd package
are fixed now. Please upgrade, if you can.

In case you wondered, the bugs haven't been closed until now because the
package maintainer wasn't around, and the package is in fact orphaned. I am
doing this as a member of the quality assurance group.

Thanks for reporting...

-- 
enJoy -*/\*- don't even try to pronounce my first name

