From ishizuka@ish.org Sun May 23 00:15:26 1999
Return-Path: <ishizuka@ish.org>
Received: from onion.ish.org (onion.ish.org [210.145.219.202])
	by hub.freebsd.org (Postfix) with ESMTP id A67A014E13
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 23 May 1999 00:15:20 -0700 (PDT)
	(envelope-from ishizuka@ish.org)
Received: (from ishizuka@localhost)
	by onion.ish.org (8.9.3/3.7Wpl1-08/27/98) id QAA11991;
	Sun, 23 May 1999 16:15:18 +0900 (JST)
Message-Id: <199905230715.QAA11991@onion.ish.org>
Date: Sun, 23 May 1999 16:15:18 +0900 (JST)
From: Masachika ISHIZUKA <ishizuka@ish.org>
Reply-To: ishizuka@ish.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: inetd is broken when kill -HUP
X-Send-Pr-Version: 3.2

>Number:         11860
>Category:       bin
>Synopsis:       inetd is broken if kill -HUP `/var/run/inetd.pid`
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun May 23 00:20:00 PDT 1999
>Closed-Date:    Wed Jun 9 08:53:35 PDT 1999
>Last-Modified:  Wed Jun  9 08:54:05 PDT 1999
>Originator:     Masachika ISHIZUKA
>Release:        FreeBSD 3.2-RELEASE i386
>Organization:
ish.org
>Environment:

  FreeBSD 3.2R

>Description:

  After modifying /etc/inetd.conf, we use the following command,

# kill -HUP `/var/run/inetd.pid`

But it let inetd not to work correctly.
  After kill -HUP, inetd can't recognize daemon name in
/etc/hosts.allow.
  For example,

| onion% cat /etc/hosts.allow
| telnetd : pumpkin : allow
| ALL : ALL : deny
| 
| pumpkin% telnet onion
| Trying xxx.xxx.xxx.xxx...
| Connected to onion
| Escape character is '^]'.
| 
| FreeBSD (onion) (ttyp1)
| 
| login:
| 
| onion# kill -HUP `/var/run/inetd.pid`
| 
| pumpkin% telnet onion
| Trying xxx.xxx.xxx.xxx...
| Connected to onion
| Escape character is '^]'.
| Connection closed by foreign host.

>How-To-Repeat:

  See description.

>Fix:

  I don't know.
  You can kill inetd, and then restart /usr/sbin/inetd, but I
think its very dangerous.


>Release-Note:
>Audit-Trail:

From: Masachika ISHIZUKA <ishizuka@ish.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:  
Subject: Re: bin/11860: inetd is broken when kill -HUP
Date: Wed, 26 May 1999 00:06:18 +0900

 >>Synopsis:       inetd is broken if kill -HUP `/var/run/inetd.pid`
 
   Hi.
   The patch was sent by hiroya-san as [FreeBSD-net-jp 1596]
 (FreeBSD network mailling list in Japan).
   I think this patch is very good.
   We tested with the following samples.
   If you use inetd without this patch on FreeBSD 3.2R, you
 can find the daemon's name is changed each times when you
 'kill -HUP `cat /var/run/inetd.pid`'.
   I think this is a very serious security bug for inetd with
 3.2R, so you should apply this patch as soon as possible.
 
 (sample comfiguration)
 % grep -v '^#' /etc/inetd.conf
 ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
 telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
 comsat  dgram   udp     wait    tty:tty /usr/libexec/comsat     comsat
 ntalk   dgram   udp     wait    tty:tty /usr/libexec/ntalkd     ntalkd
 
 % cat /etc/hosts.allow
 ALL : ALL : twist /bin/echo "You are not welcome to use %d from %h."
 
 % telnet localhost
 You are not welcome to use telnetd from localhost.
                            ~~~~~~~
 # kill -hup `cat /var/run/inetd.pid`
 
 % telnet localhost
 You are not welcome to use comsat from localhost.
                            ~~~~~~
 # kill -hup `cat /var/run/inetd.pid`
 
 % telnet localhost
 You are not welcome to use ntalkd from localhost.
                            ~~~~~~
 # kill -hup `cat /var/run/inetd.pid`
 
 % telnet localhost
 You are not welcome to use ___ from localhost.
                            ~~~
 
 (patch by hiroya-san [FreeBSD-net-jp 1596])
 --- inetd.c.org	Mon May 24 19:16:14 1999
 +++ inetd.c	Mon May 24 19:16:48 1999
 @@ -911,6 +911,7 @@
  			SWAP(sep->se_class, new->se_class);
  #endif
  			SWAP(sep->se_server, new->se_server);
 +			SWAP(sep->se_server_name, new->se_server_name);
  			for (i = 0; i < MAXARGV; i++)
  				SWAP(sep->se_argv[i], new->se_argv[i]);
  			sigsetmask(omask);
 
State-Changed-From-To: open->closed 
State-Changed-By: sheldonh 
State-Changed-When: Wed Jun 9 08:53:35 PDT 1999 
State-Changed-Why:  
Superseded by PR 12097 . 
>Unformatted:
