[121] in bugtraq
Re: udp packet storms
daemon@ATHENA.MIT.EDU (Mark A. Fullmer)
Sun Oct 30 18:57:34 1994
From: "Mark A. Fullmer" <maf@net.ohio-state.edu>
To: bugtraq@crimelab.com
Date: Sun, 30 Oct 1994 17:48:39 -0500 (EST)
In-Reply-To: <199410301642.AA14919@panix.com> from "John Hawkinson" at Oct 30, 94 11:42:19 am
Reply-To: maf@net.ohio-state.edu
John Hawkinson writes:
>Egad, no! xinetd is HUGE, and is just way to big to run as root.
xinetd is nice, but it's very large, and has less functionality than
tcp_wrappers. Plus, there are bugs, one of which is a missing a initgroups()
which leaves you thinking a process that is running unpriviliged isn't.
Add vendors that ship with g+w directories...
xinetd.2.1.1 patchlevel 3:
*** child.c.old Mon Jul 25 21:02:03 1994
--- child.c Mon Jul 25 21:02:53 1994
***************
*** 14,19 ****
--- 14,20 ----
#include <netinet/in.h>
#include <syslog.h>
#include <errno.h>
+ #include <pwd.h>
#include "str.h"
#include "pset.h"
***************
*** 126,136 ****
--- 127,150 ----
if ( ps.ros.is_superuser )
{
int gid = sc_getgid( scp ) ;
+ struct passwd *pwd ;
if ( setgid( gid ) == -1 )
{
msg( LOG_ERR, func, "setgid failed: %m" ) ;
_exit( 1 ) ;
+ }
+
+ if (! (pwd = getpwuid ( SC_UID( scp ) ) ) )
+ {
+ msg( LOG_ERR, func, "getpwuid failed: %m" ) ;
+ _exit( 1 ) ;
+ }
+
+ if ( initgroups(pwd->pw_name, pwd->pw_gid) )
+ {
+ msg( LOG_ERR, func, "initgroups failed: %m" ) ;
+ _exit( 1 ) ;
}
}
else
grep 'setuid' other things. This error shows up in other software
too.
--
mark
maf+@osu.edu