Subject: bin/1323: inetd (rc) runs before securelevel is raised!
To: None <gnats-bugs@gnats.NetBSD.ORG>
From: John Hawkinson <jhawk@MIT.EDU>
Date: 08/08/1995 21:02:30
>Synopsis: inetd (rc) runs before securelevel is raised!
>Responsible: bin-bug-people (Utility Bug People)
>Arrival-Date: Tue Aug 8 21:05:02 1995
>Originator: John Hawkinson
System: NetBSD lola-granola 1.0A NetBSD 1.0A (LOLA) #72: Mon Aug 7 11:57:26 EDT 1995 mycroft@lola-granola:/afs/sipb.mit.edu/project/netbsd/dev/current-source/build/i386_nbsd1/sys/arch/i386/compile/LOLA i386
rlogin and telnet and other services are accessible in the window
between the start of inetd and the end of execution of /etc/rc.
This means that logins are possible and users can do nasty stuff
while securelevel is still 0.

Log in remotely (for instance, as root) and do all manner of
nasty things as soon as a machine comes up.

I'm really not sure. Perhaps inetd should check securelevel and
sleep unless invoked with a particular option. Perhaps telnetd and
rlogind and half-a-zillion other daemons should check securelevel
before permitting logins?