From nobody@FreeBSD.org  Fri Apr 25 03:54:25 2008
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 48E17106564A
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 25 Apr 2008 03:54:25 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 3808D8FC1B
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 25 Apr 2008 03:54:25 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m3P3rvdb081306
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 25 Apr 2008 03:53:57 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.2/8.14.1/Submit) id m3P3rvQe081305;
	Fri, 25 Apr 2008 03:53:57 GMT
	(envelope-from nobody)
Message-Id: <200804250353.m3P3rvQe081305@www.freebsd.org>
Date: Fri, 25 Apr 2008 03:53:57 GMT
From: Tim Hogard <thogard@abnormal.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: inetd takes 100% cpu
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         123065
>Category:       bin
>Synopsis:       inetd(8) takes 100% cpu
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Apr 25 04:00:06 UTC 2008
>Closed-Date:    Wed Oct 22 15:13:29 UTC 2008
>Last-Modified:  Tue Jul 10 03:39:56 UTC 2012
>Originator:     Tim Hogard
>Release:        6.3 Stable
>Organization:
>Environment:
FreeBSD t0.abnormal.com 6.3-STABLE FreeBSD 6.3-STABLE #5: Mon Apr  7 11:00:07 UTC 2008     thogard@t0.abnormal.com:/usr/obj/usr/src/sys/TIM  amd64


>Description:
I'm running inetd from init by a config line in /etc/ttys as an attempt to get telnet access to a remote server  that likes to reboot into single user mode (i.e. the whole remote console problem)

This solution works however inetd to wants to take all the CPU after this starts and I suspect that is a result of some bug that might have larger implications.

in /etc/ttys:

none    "/usr/sbin/inetd -d -a 64.27.26.118 -p /tmp/foo2.pid /etc/inetd.single.conf" unknown on secure

Then in /etc/inetd.single.conf:
telnet    stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd


>How-To-Repeat:
1) add below "console" in /etc/ttys
none    "/usr/sbin/inetd -d -p /tmp/foo2.pid /etc/inetd.single.conf" unknown on secure


2) then create /etc/inetd.single.conf
telnet    stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd

3) tell init to look at /etc/ttys again:
# init q

4) from some other server
$ telnet host 
Login as a general user, then log out

5) Use top or ps to see inetd is taking 100% of the CPU

>Fix:
A fix to the problem my be a adding a "don't go in background" flag for inetd but this could just by a symptom of a different problem.

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: vwe 
State-Changed-When: Mon Apr 28 22:05:36 UTC 2008 
State-Changed-Why:  

Submitter has been asked for feedback. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123065 

From: Volker <volker@vwsoft.com>
To: bug-followup@FreeBSD.org, thogard@abnormal.com
Cc:  
Subject: Re: bin/123065: inetd takes 100% cpu
Date: Tue, 29 Apr 2008 00:05:12 +0200

 Tim,
 
 while your idea might look nice in the first place, I see a lot problems
 with that solution. I think you're already aware of the security risks
 of your hack.
 
 Your config instructs inetd to set verbose debugging mode, bind to a
 specific IP address and write it's pidfile to /tmp. It is not guaranteed
 (and by default not the case) to have 1) syslogd running in single user
 mode and 2) the network interfaces are up.
 
 Also inetd lives in /usr/sbin, needs libs from /usr/lib, telnetd lives
 in /usr/libexec and also needs libs from /usr/lib. In single user mode
 the only filesystem mounted will be the root-fs and it's mounted
 read-only. syslogd logs by default to /var/log.
 
 Please make sure, filesystems root-fs, /usr, /var and /tmp are mounted
 and /tmp and /var are writable, syslogd is started. If you can make sure
 all these conditions are met, please check if you can reproduce this. If
 the problem persists, we need ktrace debug output.
 
 Also when logging in and out, login(1) tries to write wtmp which may
 also fail with r/o mounts.
 
 Please keep in mind, your solution should not be used in the public network.
 
 Volker
Responsible-Changed-From-To: freebsd-bugs->dwmalone 
Responsible-Changed-By: dwmalone 
Responsible-Changed-When: Fri Oct 3 20:23:14 UTC 2008 
Responsible-Changed-Why:  
I'll take a look at this - I think I know what Tim is getting at. 

David. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123065 

From: David Malone <dwmalone@maths.tcd.ie>
To: bug-followup@FreeBSD.org, thogard@abnormal.com
Cc:  
Subject: Re: bin/123065: inetd(8) takes 100% cpu
Date: Fri, 03 Oct 2008 21:58:58 +0100

 OK - I've reproduced this and I think I understand what is happening.
 I think the problem is that because of the unusual way that you are
 running inetd from init, inetd is run with stdin, stdout and stderr
 closed. This usually shouldn't be a problem for inetd 'cos it calls
 daemon(), which will open stdin, stdout and stderr with a copy of
 /dev/null. However, if you give inetd the -d flag, then it doesn't
 call daemon().
 
 Subsequently, some of inetd's internal file discriptors get confused
 with the standard discriptors and chaos ensues.
 
 I'm not sure what the best way to fix this is - it might be easiest
 to use sh to open /dev/null - something like making a shell script
 called inetd_devnull.sh that does:
 
 	#!/bin/sh
 	/usr/sbin/inetd -d -p /tmp/foo2.pid /etc/inetd.single.conf > /dev/null </dev/null 2>&1'
 
 and then call that from /etc.ttys:
 
 	none "/usr/bin/inetd_devnull.sh" unknown on secure
 
 Might work!
 
 	David.
State-Changed-From-To: feedback->closed 
State-Changed-By: dwmalone 
State-Changed-When: Wed Oct 22 15:12:41 UTC 2008 
State-Changed-Why:  
Mail to submitter bounces, and I think I understand why the problem 
occurs. 

David. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123065 
Responsible-Changed-From-To: dwmalone->freebsd-bugs 
Responsible-Changed-By: eadler 
Responsible-Changed-When: Tue Jul 10 03:39:55 UTC 2012 
Responsible-Changed-Why:  
over to the pool (approved by bugmeister) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=123065 
>Unformatted:
