From mwm@mired.org  Sat Oct  7 04:02:09 2000
Return-Path: <mwm@mired.org>
Received: from guru.mired.org (okc-27-149-77.mmcable.com [24.27.149.77])
	by hub.freebsd.org (Postfix) with SMTP id 5753237B502
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  7 Oct 2000 04:02:09 -0700 (PDT)
Received: (qmail 35661 invoked by uid 100); 7 Oct 2000 11:02:03 -0000
Message-Id: <20001007110203.35660.qmail@guru.mired.org>
Date: 7 Oct 2000 11:02:03 -0000
From: mwm@mired.org
Reply-To: mwm@mired.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: Inetd's very existence is a security risk.
X-Send-Pr-Version: 3.2

>Number:         21814
>Category:       conf
>Synopsis:       Inetd's very existence is a security risk.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 07 04:10:00 PDT 2000
>Closed-Date:    Sat Oct 7 10:25:02 PDT 2000
>Last-Modified:  Sat Oct  7 15:20:01 PDT 2000
>Originator:     Mike Meyer
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Meyer Consulting
>Environment:

	A system that's going to be exposed to the internet-at-large,
	and thus needs to be secured.

>Description:

	I always (always, always, always) turn off inetd on any system
	that needs to be secured against exposure to the world. I'd
	really rather it not be on the system *at all*.

>How-To-Repeat:

	"make installworld" on your favorite box that doesn't run
	inetd, and notice that you get a brand, spanking new copy of
	inetd.

>Fix:

	The following patches add a hook to usr.sbin/Makefile to
	optionally disable building inetd, and an appropriate line to
	etc/defaults/make.conf describing the hook.

--- etc/defaults/make.conf-orig	Sat Oct  7 05:18:01 2000
+++ etc/defaults/make.conf	Sat Oct  7 05:18:19 2000
@@ -59,6 +59,7 @@
 #NO_CVS=	true	# do not build CVS
 #NO_BIND=	true	# do not build BIND
 #NO_FORTRAN=	true	# do not build g77 and related libraries
+#NO_INETD=     true    # do not build and install sendmial
 #NO_LPR=	true	# do not build lpr and related programs
 #NO_MAILWRAPPER=true	# do not build the mailwrapper(8) MTA selector
 #NO_MODULES=	true	# do not build modules with the kernel
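Review bot: the comment on the added `#NO_INETD=` line reads "do not build and install sendmial", which is both misspelled and names the wrong program; it should say "do not build inetd" so it matches its neighbours such as `#NO_BIND=	true	# do not build BIND`. The new line is also padded with spaces while every surrounding entry is tab-aligned, so the column layout of the file breaks at this line.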
--- usr.sbin/Makefile-orig	Sat Oct  7 04:23:59 2000
+++ usr.sbin/Makefile	Sat Oct  7 04:24:30 2000
@@ -32,7 +32,6 @@
 	getextattr \
 	gifconfig \
 	ifmcstat \
-	inetd \
 	iostat \
 	ipftest \
 	ipresend \
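Review bot: removing `inetd \` from the unconditional SUBDIR list is only correct in combination with the later hunk that re-adds it under `.if !defined(NO_INETD)`; if this hunk lands without the other, inetd silently drops out of the build for everyone. The two hunks are one logical change and should be committed together.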
@@ -130,6 +129,10 @@
 	ndc \
 	nslookup \
 	nsupdate
+.endif
+
+.if !defined(NO_INETD)
+SUBDIR+=inetd
 .endif
 
 .if !defined(NO_LPR)
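Review bot: the new `.endif` inserted directly after `nsupdate` closes the preceding conditional block, and the pre-existing `.endif` below the added lines is then repurposed to close the new `.if !defined(NO_INETD)` block. The nesting is correct, but the diff is needlessly hard to read; adding a complete `.if !defined(NO_INETD)` / `SUBDIR+=inetd` / `.endif` block after the existing `.endif`, in the same shape as the `.if !defined(NO_LPR)` block that follows, would make the intent obvious. Note also that the knob only stops usr.sbin from building and installing a fresh inetd; a binary already installed from an earlier installworld is left in place, so the PR's goal of inetd being off the system "at all" still needs a manual removal on existing hosts.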



>Release-Note:
>Audit-Trail:

From: Kris Kennaway <kris@citusc.usc.edu>
To: mwm@mired.org
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: ports/21814: Inetd's very existence is a security risk.
Date: Sat, 7 Oct 2000 04:35:18 -0700

 On Sat, Oct 07, 2000 at 11:02:03AM -0000, mwm@mired.org wrote:
 
 > 	"make installworld" on your favorite box that doesn't run
 > 	inetd, and notice that you get a brand, spanking new copy of
 > 	inetd.
 
 That's what this is for in /etc/rc.conf:
 
 inetd_enable="NO"               # Run the network daemon dispatcher (YES/NO).
 
 It's only a security risk if you're running it.
 
 Kris
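
The check Kris points at is a value in /etc/rc.conf, but rc(8) resolves that value by sourcing /etc/defaults/rc.conf first and the files listed in rc_conf_files (normally /etc/rc.conf and /etc/rc.conf.local) afterwards, so the last assignment wins and a knob left at its default never appears in /etc/rc.conf at all. The script below is an added example, not part of the PR or of FreeBSD; it resolves the effective inetd_enable setting the same way, classifies it with the spellings rc.subr(8)'s checkyesno accepts, and separately asks whether an inetd process is running right now. The rc.conf files it reads are constructed samples, not the shipped defaults.

```sh
#!/bin/sh
# Added example, not part of PR 21814: resolve the *effective* value of the
# inetd_enable knob the way rc(8) does. rc.conf files are shell fragments;
# /etc/defaults/rc.conf is sourced first and /etc/rc.conf afterwards, so the
# last assignment wins. Grepping /etc/rc.conf alone misses a knob that is
# simply left at its default.

# effective_knob KNOB FILE...
# Sources each readable FILE in order inside a subshell (so the caller's
# environment is untouched) and prints the resulting value of KNOB.
effective_knob() {
    knob=$1; shift
    (
        for f in "$@"; do
            [ -r "$f" ] && . "$f"
        done
        eval "printf '%s\n' \"\${$knob}\""
    )
}

# yesno VALUE -> prints yes, no or unknown, using the spellings that
# rc.subr(8)'s checkyesno treats as true and false.
yesno() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)      echo yes ;;
        [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)  echo no ;;
        *)                                             echo unknown ;;
    esac
}

# inetd_status FILE... -> yes/no/unknown for inetd_enable after sourcing
# the given rc.conf files in order (defaults first, overrides last).
inetd_status() {
    yesno "$(effective_knob inetd_enable "$@")"
}

# inetd_running -> 0 if an inetd process exists, 1 if not, 2 if pgrep is
# unavailable. Configuration says what starts at boot; this says what is
# running now, which is the part that actually listens on the network.
inetd_running() {
    command -v pgrep >/dev/null 2>&1 || return 2
    pgrep -x inetd >/dev/null 2>&1
}

# Constructed sample files standing in for /etc/defaults/rc.conf and
# /etc/rc.conf. The values are illustrative, not the shipped defaults.
demo_dir=$(mktemp -d)
cat > "$demo_dir/defaults.rc.conf" <<'EOF'
inetd_enable="YES"              # Run the network daemon dispatcher (YES/NO).
EOF
cat > "$demo_dir/hardened.rc.conf" <<'EOF'
inetd_enable="NO"
EOF
: > "$demo_dir/empty.rc.conf"    # an /etc/rc.conf that never mentions inetd

# Hardened override wins over the default: prints "no".
inetd_status "$demo_dir/defaults.rc.conf" "$demo_dir/hardened.rc.conf"
# No override at all: the default leaks through and prints "yes".
inetd_status "$demo_dir/defaults.rc.conf" "$demo_dir/empty.rc.conf"

if inetd_running; then
    echo "an inetd process is running on this host"
else
    echo "no inetd process found (or pgrep unavailable)"
fi
```

On a real FreeBSD host the call is `inetd_status /etc/defaults/rc.conf /etc/rc.conf /etc/rc.conf.local`, in that order; the second sample above is the case a grep-based audit gets wrong, because the file it inspects says nothing about inetd while the effective setting is still YES.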
 

From: Mike Meyer <mwm@mired.org>
To: Kris Kennaway <kris@citusc.usc.edu>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: ports/21814: Inetd's very existence is a security risk.
Date: Sat, 7 Oct 2000 06:42:55 -0500 (CDT)

 Kris Kennaway writes:
 > On Sat, Oct 07, 2000 at 11:02:03AM -0000, mwm@mired.org wrote:
 > 
 > > 	"make installworld" on your favorite box that doesn't run
 > > 	inetd, and notice that you get a brand, spanking new copy of
 > > 	inetd.
 > That's what this is for in /etc/rc.conf:
 > inetd_enable="NO"               # Run the network daemon dispatcher (YES/NO).
 > It's only a security risk if you're running it.
 
 Didn't really read the PR carefully, did you? The relevant part is:
 
         I always (always, always, always) turn off inetd on any system
         that needs to be secured against exposure to the world. I'd
         really rather it not be on the system *at all*.
 
 In other words, I *know* how to turn it off, but I want it gone
 completely. The patch makes that much saner. If you don't like that
 behavior, don't add NO_INETD to /etc/make.conf.
 
 	<mike
 
Responsible-Changed-From-To: freebsd-ports->freebsd-bugs 
Responsible-Changed-By: billf 
Responsible-Changed-When: Sat Oct 7 09:29:58 PDT 2000 
Responsible-Changed-Why:  
Thought I'd argue that this PR doesn't even belong in the 
system, at the very least it doesn't belong in the ports/* 
PR section. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21814 
State-Changed-From-To: open->closed 
State-Changed-By: wollman 
State-Changed-When: Sat Oct 7 10:25:02 PDT 2000 
State-Changed-Why:  
Any attacker who could run a pre-built inetd binary on your system 
is well capable of copying his own binary there.  Inetd does not have 
innate privilege.  Therefore, there is no conceivable security improvement 
from disabling it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=21814 

From: Kris Kennaway <kris@citusc.usc.edu>
To: Mike Meyer <mwm@mired.org>
Cc: Kris Kennaway <kris@citusc.usc.edu>,
	FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: ports/21814: Inetd's very existence is a security risk.
Date: Sat, 7 Oct 2000 15:18:01 -0700

 On Sat, Oct 07, 2000 at 06:42:55AM -0500, Mike Meyer wrote:
 > Kris Kennaway writes:
 > > On Sat, Oct 07, 2000 at 11:02:03AM -0000, mwm@mired.org wrote:
 > > 
 > > > 	"make installworld" on your favorite box that doesn't run
 > > > 	inetd, and notice that you get a brand, spanking new copy of
 > > > 	inetd.
 > > That's what this is for in /etc/rc.conf:
 > > inetd_enable="NO"               # Run the network daemon dispatcher (YES/NO).
 > > It's only a security risk if you're running it.
 > 
 > Didn't really read the PR carefully, did you? The relevant part is:
 > 
 >         I always (always, always, always) turn off inetd on any system
 >         that needs to be secured against exposure to the world. I'd
 >         really rather it not be on the system *at all*.
 > 
 > In other words, I *know* how to turn it off, but I want it gone
 > completely. The patch makes that much saner. If you don't like that
 > behavior, don't add NO_INETD to /etc/make.conf.
 
 Well, IMO just not liking something isn't good grounds for yet another
 build knob. The inetd binary doesn't run with any privileges, it's not
 causing filesystem bloat, it's not taking up space on the root
 filesystem, and it's not conflicting with anything else.
 
 I think you'll have to provide a better justification of why this
 would be needed.
 
 Kris
 
 > 	<mike
 
>Unformatted:
