[943] in NetBSD-Development

daemon@ATHENA.MIT.EDU (John Hawkinson)
Tue Aug 8 21:03:05 1995

Date: Tue, 8 Aug 1995 21:02:30 -0400
From: John Hawkinson <jhawk@MIT.EDU>
To: gnats-bugs@gnats.NetBSD.ORG
Cc: ghudson@MIT.EDU, netbsd-dev@MIT.EDU
Reply-To: jhawk@MIT.EDU


>Submitter-Id:	net
>Originator:	John Hawkinson
>Organization:
MIT SIPB
>Confidential:	no
>Synopsis:	inetd (rc) runs before securelevel is raised!
>Severity:	critical
>Priority:	low
>Category:	bin
>Class:		sw-bug
>Release:	-current
>Environment:
System: NetBSD lola-granola 1.0A NetBSD 1.0A (LOLA) #72: Mon Aug 7 11:57:26 EDT 1995 mycroft@lola-granola:/afs/sipb.mit.edu/project/netbsd/dev/current-source/build/i386_nbsd1/sys/arch/i386/compile/LOLA i386


>Description:

	rlogin and telnet and other services are accessible in the window
	between the start of inetd and the end of execution of /etc/rc.
	This means that logins are possible and users can do nasty stuff
	while securelevel is still 0.

>How-To-Repeat:
	Log in remotely (for instance, as root) and do all manner of
	nasty things as soon as a machine comes up.
>Fix:
	I'm really not sure. Perhaps inetd should check securelevel and
	sleep unless invoked with a particular option. Perhaps telnetd and
	rlogind and half-a-zillion other daemons should check securelevel
	before permitting logins?
	??
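
The first idea under Fix (check securelevel and sleep) could look like the /etc/rc helper below. This is an added example, not part of the original report or of NetBSD's rc; the function names and the SECURELEVEL_CMD override are hypothetical, and it assumes `sysctl -n kern.securelevel` reports the current level.

```shell
#!/bin/sh
# Added example: hold a network daemon back until kern.securelevel is raised.
# SECURELEVEL_CMD is a hypothetical hook so the reader can be stubbed;
# the default is the BSD sysctl(8) utility.
: "${SECURELEVEL_CMD:=sysctl -n kern.securelevel}"

# read_securelevel: print the level, or fail if it cannot be read as an
# integer (negative levels such as -1 are valid).
read_securelevel() {
    level=$($SECURELEVEL_CMD 2>/dev/null) || return 1
    case "${level#-}" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$level"
}

# wait_for_securelevel MIN TRIES [DELAY]: poll until level >= MIN.
# A failed read counts as "not raised yet", so the gate fails closed.
wait_for_securelevel() {
    want=$1; tries=$2; delay=${3:-1}
    while [ "$tries" -gt 0 ]; do
        if cur=$(read_securelevel) && [ "$cur" -ge "$want" ]; then
            return 0
        fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "$delay"; fi
    done
    return 1
}

# gated_start MIN TRIES DELAY COMMAND...: run COMMAND only once the
# level is reached; otherwise refuse and say so on stderr.
gated_start() {
    want=$1; tries=$2; delay=$3; shift 3
    if wait_for_securelevel "$want" "$tries" "$delay"; then
        "$@"
    else
        echo "securelevel below $want; not starting: $*" >&2
        return 1
    fi
}

# In /etc/rc the call would be backgrounded, because per the report the
# level is still 0 until rc itself has finished:
#   gated_start 1 300 1 inetd &
```

Run in the foreground inside /etc/rc, the wait would only time out, since the level it waits for is not raised until rc has finished.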
