From nobody@FreeBSD.org  Mon Nov  4 13:40:44 2002
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3851B37B401
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  4 Nov 2002 13:40:44 -0800 (PST)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C8E3343E8A
	for <freebsd-gnats-submit@FreeBSD.org>; Mon,  4 Nov 2002 13:40:43 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.6/8.12.6) with ESMTP id gA4Leh7R042731
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 4 Nov 2002 13:40:43 -0800 (PST)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.6/8.12.6/Submit) id gA4Leh6L042730;
	Mon, 4 Nov 2002 13:40:43 -0800 (PST)
Message-Id: <200211042140.gA4Leh6L042730@www.freebsd.org>
Date: Mon, 4 Nov 2002 13:40:43 -0800 (PST)
From: Michele Possamai <possamai@xs4all.nl>
To: freebsd-gnats-submit@FreeBSD.org
Subject: as a local non-root user and remote it's possible to make telnet throw up.
X-Send-Pr-Version: www-1.0

>Number:         44894
>Category:       bin
>Synopsis:       telnet(1): as a local non-root user and remote it's possible to make telnet throw up.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    markm
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 04 13:50:01 PST 2002
>Closed-Date:    Mon Dec 30 12:07:33 UTC 2013
>Last-Modified:  Mon Dec 30 12:07:33 UTC 2013
>Originator:     Michele Possamai
>Release:        FreeBSD-4.7-STABLE
>Organization:
>Environment:
FreeBSD tnt.yi.org 4.7-STABLE FreeBSD 4.7-STABLE #0: Thu Oct 17 21:43:25 CEST 2002     root@tnt.yi.org:/usr/src/sys/compile/SCORPIO  i386

FreeBSD xs1.xs4all.nl 4.5-RELEASE-p19 FreeBSD 4.5-RELEASE-p19 #2: Mon Oct 21 01:50:10 CEST 2002     cor@xs0.xs4all.nl:/usr/src/sys/compile/XS4ALL-SMP  i386

FreeBSD capricorn.tnt.intern 4.7-STABLE FreeBSD 4.7-STABLE #3: Thu Oct 10 20:25:13 CEST 2002     root@capricorn.tnt.intern:/usr/obj/usr/src/sys/CAPRICORN  i386

FreeBSD mdv.xs4all.nl 4.6-STABLE FreeBSD 4.6-STABLE #2: Tue Aug  6 03:03:47 CEST 2002     3ewh2ep@mdv.xs4all.nl:/usr/obj/usr/src/sys/DOMINATOR  i386

and probably more
>Description:
While expirimenting with C and sockets I accidently ran accross a little bitty bug. I just don't really know where the bug would be.. it's either in telnetd or in inetd.
But when running the program I wrote locally as a normal user I was able to dissable telnet access for a while... It does not effect running sessions but new connections just act like there's no service running on that port anymore. I don't really know what's happening.. but I first figured it out on the network.. so remote is possible as well. but local is just a lot faster.
The telnetd even really terminates with teh following message:
inetd[88]: telnet/tcp server failing (looping), service terminated

I know it's just telnet and it's not really a big deal. But I tryed a bsdi machine and it doesn't have the problem.. so it's not supposed to happen I guess..
>How-To-Repeat:
I used the following code to crash it locally.
just adjust the ip address to do it remote but it don't know how much bandwidth it needs..

/* code.c */
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#define DEST_IP "127.0.0.1"
#define DEST_PORT 23

main()
{
 for (;;) {
  int sockfd;
  struct sockaddr_in dest_addr;
  sockfd = socket(AF_INET, SOCK_STREAM, 0);
  dest_addr.sin_family = AF_INET;
  dest_addr.sin_port = htons(DEST_PORT);
  dest_addr.sin_addr.s_addr = inet_addr(DEST_IP);
  memset(&(dest_addr.sin_zero), '\0', 8); 
  connect(sockfd, (struct sockaddr *)&dest_addr, sizeof(struct sockaddr));
 }
}
/* end of code */
>Fix:
disable telnet.. it's better to use ssh anyway..
(don't know if other inetd processes might act the same as telnetd though..)
for a real fix: I don't even know what I wrote to crash it.. so I definatly don't know how to fix it
>Release-Note:
>Audit-Trail:

From: Giorgos Keramidas <keramida@freebsd.org>
To: Michele Possamai <possamai@xs4all.nl>
Cc: bug-followup@freebsd.org
Subject: Re: misc/44894: as a local non-root user and remote it's possible to make telnet throw up.
Date: Tue, 5 Nov 2002 04:44:59 +0200

 On 2002-11-04 13:40, Michele Possamai <possamai@xs4all.nl> wrote:
 > While expirimenting with C and sockets I accidently ran accross a
 > little bitty bug. I just don't really know where the bug would be..
 > it's either in telnetd or in inetd.  But when running the program I
 > wrote locally as a normal user I was able to dissable telnet access
 > for a while...
 
 You're hitting the telnet port so hard that you managed to DOS the
 service.  There are ways to limit the connections that inetd accepts.
 Try using the following line in inetd.conf:
 
 telnet  stream  tcp     nowait/20/10  root    /usr/libexec/telnetd telnetd
 
 Also look at the -c, -C and -R options of inetd :)
Responsible-Changed-From-To: freebsd-bugs->markm 
Responsible-Changed-By: kris 
Responsible-Changed-When: Fri Jul 18 15:03:09 PDT 2003 
Responsible-Changed-Why:  
Assign to telnet maintainer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=44894 
State-Changed-From-To: open->closed 
State-Changed-By: markm 
State-Changed-When: Mon Dec 30 12:06:51 UTC 2013 
State-Changed-Why:  
Stale. Apologies. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=44894 
>Unformatted:
