Re: udp packet storms

Mark A. Fullmer (maf@net.ohio-state.edu)
Sun, 30 Oct 1994 17:48:39 -0500 (EST)

John Hawkinson writes:

>Egad, no! xinetd is HUGE, and is just way too big to run as root.

xinetd is nice, but it's very large, and has less functionality than 
tcp_wrappers.  Plus, there are bugs, one of which is a missing initgroups()
which leaves you thinking a process that is running unprivileged isn't.

Add vendors that ship with g+w directories...


xinetd.2.1.1 patchlevel 3:


*** child.c.old	Mon Jul 25 21:02:03 1994
--- child.c	Mon Jul 25 21:02:53 1994
***************
*** 14,19 ****
--- 14,20 ----
  #include <netinet/in.h>
  #include <syslog.h>
  #include <errno.h>
+ #include <pwd.h>
  
  #include "str.h"
  #include "pset.h"
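Review bot: the added include covers getpwuid() but not initgroups(), which the second hunk calls. On most systems initgroups() is declared in <grp.h>, so add #include <grp.h> next to the new <pwd.h> line unless another header in child.c already pulls it in.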
***************
*** 126,136 ****
--- 127,150 ----
  		if ( ps.ros.is_superuser )
  		{
  			int gid = sc_getgid( scp ) ;
+ 			struct passwd *pwd ;
  
  			if ( setgid( gid ) == -1 )
  			{
  				msg( LOG_ERR, func, "setgid failed: %m" ) ;
  				_exit( 1 ) ;
+ 			}
+ 
+ 			if (! (pwd = getpwuid ( SC_UID( scp ) ) ) )
+ 			{
+ 				msg( LOG_ERR, func, "getpwuid failed: %m" ) ;
+ 				_exit( 1 ) ;
+ 			}
+ 
+ 			if ( initgroups(pwd->pw_name, pwd->pw_gid) )
+ 			{
+ 				msg( LOG_ERR, func, "initgroups failed: %m" ) ;
+ 				_exit( 1 ) ;
  			}
  		}
  		else
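Review bot: initgroups() is passed pwd->pw_gid, while the setgid() a few lines above uses gid from sc_getgid( scp ); if the service is configured with a group other than the account's passwd group, the passwd group still ends up in the supplementary list. Passing the same value to both, as in initgroups( pwd->pw_name, gid ), keeps them consistent. Separately, getpwuid() returns NULL without setting errno when the uid simply has no passwd entry, so the "%m" in that message can print an unrelated error; logging the uid would be more useful there.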


grep 'setuid' other things.  This error shows up in other software
too.

-- 
mark
maf+@osu.edu
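
The check the message above asks for, as an added example that is not part of the original post or of xinetd: a privilege drop that resets supplementary groups before setgid()/setuid() and then verifies nothing from the parent's group list survived. The names drop_privileges, count_unexpected_groups and MAX_GROUPS are hypothetical, and glibc-style initgroups()/getgrouplist() are assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes initgroups()/getgrouplist() on glibc */
#endif
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

enum { MAX_GROUPS = 64 };   /* assumed cap for this example; fails closed if exceeded */

/* Count gids in have[] that are absent from allowed[]: groups inherited
 * from the privileged parent that the target account is not entitled to. */
int count_unexpected_groups(const gid_t *have, int nhave,
                            const gid_t *allowed, int nallowed)
{
    int unexpected = 0;
    for (int i = 0; i < nhave; i++) {
        int found = 0;
        for (int j = 0; j < nallowed; j++)
            if (have[i] == allowed[j]) found = 1;
        if (!found) unexpected++;
    }
    return unexpected;
}

/* Hypothetical helper: become uid/gid for good. Returns 0 on success,
 * -1 on any failure; the caller should _exit() rather than continue. */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t allowed[MAX_GROUPS], have[MAX_GROUPS];
    int nallowed = MAX_GROUPS, nhave;
    struct passwd *pwd = getpwuid(uid);

    if (pwd == NULL) return -1;
    /* Group changes need root, so setuid() must come last. */
    if (initgroups(pwd->pw_name, gid) == -1) return -1;
    if (setgid(gid) == -1) return -1;
    if (setuid(uid) == -1) return -1;
    /* Verify instead of assuming: no leftover groups, no way back to root. */
    if (getgrouplist(pwd->pw_name, gid, allowed, &nallowed) == -1) return -1;
    if ((nhave = getgroups(MAX_GROUPS, have)) == -1) return -1;
    if (count_unexpected_groups(have, nhave, allowed, nallowed) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

int main(void)
{
    gid_t have[] = {0, 3, 100}, allowed[] = {100};  /* constructed sample */
    printf("%d unexpected groups\n", count_unexpected_groups(have, 3, allowed, 1));
    return 0;
}
```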