This bug has been around for decades.  I'm amazed it hasn't already
been fixed.  :)

The bug:
   In inetd, in the "server failing (looping), service terminated"
   situation, the file descriptor opened by the accept() call for
   nowait/SOCK_STREAM services isn't closed.

Consequence:
   inetd could run out of free file descriptors, allowing a denial of
   service via repeatedly evoking the bug with a flood of requests.

Suggested patch:
------------------------------
--- gnu-inetd.c~        2008-12-27 13:50:35.000000000 -0500
+++ gnu-inetd.c 2009-01-28 22:06:02.000000000 -0500
@@ -2026,6 +2026,8 @@
                                "%s/%s server failing (looping), service 
terminated",
                                sep->se_service, sep->se_proto);
                        close_sep (sep);
+                       if (!sep->se_wait && sep->se_socktype == SOCK_STREAM)
+                          close (ctrl);
                        signal_unblock (NULL);
                        if (!timingout)
                          {
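Review bot: at the added `close (ctrl);` after `close_sep (sep);`, the guard `!sep->se_wait && sep->se_socktype == SOCK_STREAM` is a re-typed copy of whatever condition decided that ctrl came from accept(), and the hunk does not show that assignment. If the two ever drift apart, this branch either leaks the descriptor again or closes one it does not own. Please add a one-line comment tying the guard to the accept() site, or reuse a single flag set there. Separately, the context line ending in "service" has been wrapped onto the next line in transit, so the hunk will not apply as sent; resend it unwrapped or as an attachment.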
------------------------------

   If you agree with the patch, please pass it on to the BSD folks, too.
I don't have their bug submission address.  HTH,
 -WBE
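The leak described in the message above can be reproduced in miniature. The following is an added example, not part of the original message and not inetd code: `fake_accept`, `open_fds` and `leaked_fds` are hypothetical names, and a socketpair stands in for the accepted connection.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Count descriptors open in this process by probing fds 0..255. */
static int open_fds(void) {
    int n = 0;
    for (int fd = 0; fd < 256; fd++)
        if (fcntl(fd, F_GETFD) != -1) n++;
    return n;
}

/* Constructed stand-in for accept(): a connected stream socket whose
   peer has already gone away. */
static int fake_accept(void) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -1;
    close(sv[1]);
    return sv[0];
}

/* Run `trips` passes through a modelled "server failing (looping)"
   branch of a nowait/SOCK_STREAM service; return how many descriptors
   the process gained. patched != 0 applies the close (ctrl) fix. */
int leaked_fds(int trips, int patched) {
    int held[64], nheld = 0;
    int before = open_fds();
    for (int i = 0; i < trips && nheld < 64; i++) {
        int ctrl = fake_accept();
        if (ctrl == -1) break;          /* table full: the end state of the leak */
        if (patched)
            close(ctrl);                /* the suggested fix */
        else
            held[nheld++] = ctrl;       /* real code just forgets ctrl here */
    }
    int leaked = open_fds() - before;
    for (int i = 0; i < nheld; i++) close(held[i]);   /* tidy up the demo */
    return leaked;
}

int main(void) {
    printf("unpatched: %d leaked\n", leaked_fds(20, 0));
    printf("patched:   %d leaked\n", leaked_fds(20, 1));
    return 0;
}
```

The same descriptor count, taken on a running daemon before and after a burst of rate-limited connections, is a quick way to confirm whether a given build carries the fix.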


