Subject: bin/1323: inetd (rc) runs before securelevel is raised!
To: None <gnats-bugs@gnats.NetBSD.ORG>
From: John Hawkinson <jhawk@MIT.EDU>
List: netbsd-bugs
Date: 08/08/1995 21:02:30
>Number: 1323
>Category: bin
>Synopsis: inetd (rc) runs before securelevel is raised!
>Confidential: no
>Severity: critical
>Priority: low
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Aug 8 21:05:02 1995
>Last-Modified:
>Originator: John Hawkinson
>Organization:
MIT SIPB
>Release: -current
>Environment:
System: NetBSD lola-granola 1.0A NetBSD 1.0A (LOLA) #72: Mon Aug 7 11:57:26 EDT 1995 mycroft@lola-granola:/afs/sipb.mit.edu/project/netbsd/dev/current-source/build/i386_nbsd1/sys/arch/i386/compile/LOLA i386
>Description:
rlogin and telnet and other services are accessible in the window
between the start of inetd and the end of execution of /etc/rc.
This means that logins are possible and users can do nasty stuff
while securelevel is still 0.
>How-To-Repeat:
Log in remotely (for instance, as root) and do all manner of
nasty things as soon as a machine comes up.
>Fix:
I'm really not sure. Perhaps inetd should check securelevel and
sleep unless invoked with a particular option. Perhaps telnetd and
rlogind and half-a-zillion other daemons should check securelevel
before permitting logins?
??
>Audit-Trail:
>Unformatted:
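The guard the submitter proposes (inetd checking securelevel and sleeping until it is raised), written here as an added example that is not part of the original report or of NetBSD's rc: a wrapper that polls kern.securelevel and only starts the daemon once the level meets a minimum, failing closed on timeout. It assumes a BSD sysctl(8) that prints the value with `-n`, /usr/sbin/inetd as the daemon path, and SECURELEVEL_CMD as a hypothetical override used only to exercise the logic on other systems.

```shell
#!/bin/sh
# Added example: start inetd only after kern.securelevel has been raised,
# closing the window between inetd starting and the end of /etc/rc.

# Print the current securelevel, or -1 if it cannot be read.
# SECURELEVEL_CMD (assumption, for testing) replaces the sysctl call.
current_securelevel() {
    lvl=$(${SECURELEVEL_CMD:-sysctl -n kern.securelevel} 2>/dev/null) || lvl=""
    case "$lvl" in
        ''|*[!0-9-]*) echo -1 ;;      # unreadable or non-numeric: treat as unknown
        *) echo "$lvl" ;;
    esac
}

# True (exit 0) when level $1 is at least the required minimum $2.
securelevel_ok() {
    [ "$1" -ge "$2" ] 2>/dev/null
}

# Poll once per second until securelevel >= $1 or $2 seconds have passed.
# Exit 0 when the level was reached, 1 on timeout (the caller must not
# start the daemon in that case).
wait_for_securelevel() {
    min=$1; timeout=$2; waited=0
    while :; do
        if securelevel_ok "$(current_securelevel)" "$min"; then
            return 0
        fi
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep 1; waited=$((waited + 1))
    done
}

# Guarded start: wait for securelevel >= $1 (default 1) for at most $2
# seconds (default 60), then replace this shell with inetd; refuse otherwise.
start_inetd_guarded() {
    if wait_for_securelevel "${1:-1}" "${2:-60}"; then
        exec /usr/sbin/inetd            # assumed daemon path
    fi
    echo "inetd not started: securelevel still $(current_securelevel)" >&2
    return 1
}
```

Invoke `start_inetd_guarded` from the inetd line in rc instead of starting inetd directly; with a securelevel that never rises, it logs and exits non-zero rather than exposing login services.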