https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269456
Bug ID: 269456
Summary: sshd stops accepting connections if tcp_wrapper is used
Product: Base System
Version: 13.1-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]

The change in "sshd: update the libwrap patch to drop connections early"
(46aaea6c19ef1f377936eede16b4bdb626421dd6) moved the tcp wrapper actions into
the main loop in sshd:

    for (i = 0; i < num_listen_socks; i++) {
        ...
        if (!hosts_access(&req)) {
            ...
        }

If for any reason hosts_access() stalls (DNS lookup timeouts), it stops this
loop and sshd stops accepting any connections for some time (eventually
indefinitely if the attacker is persistent). It seems that dropping connections
in the main loop with tcp_wrapper is not a good idea.
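
The stall described in the report, reduced to a constructed simulation (an added example, not sshd or libwrap code): `slow_check()` is a hypothetical stand-in for a `hosts_access()` call waiting on a DNS timeout, and `listener_busy_ms()` compares running that check inside the listener loop with running it in a forked per-connection child. The 200 ms stall and all names are assumptions chosen for illustration.

```c
/* Constructed simulation: no sockets, no libwrap. slow_check() stands in
 * for a hosts_access() call stuck on a DNS timeout (assumed 200 ms here). */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#include <sys/wait.h>

#define STALL_MS 200

static long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

static int slow_check(void) {              /* hypothetical stand-in */
    struct timespec d = { 0, STALL_MS * 1000000L };
    nanosleep(&d, NULL);
    return 1;                              /* 1 = access allowed */
}

/* Handle n pending connections; return how long the listener loop itself
 * was busy (ms), i.e. how long new clients would have waited for accept(). */
long listener_busy_ms(int n, int check_in_child) {
    long start = now_ms();
    for (int i = 0; i < n; i++) {
        if (!check_in_child) {
            if (!slow_check()) continue;   /* pattern from the report: blocks the loop */
        } else {
            pid_t pid = fork();
            if (pid == 0)                  /* child: the stall is confined here */
                _exit(slow_check() ? 0 : 1);
            if (pid < 0) return -1;        /* fork failed */
        }
    }
    long busy = now_ms() - start;
    while (check_in_child && wait(NULL) > 0)   /* reap children after measuring */
        ;
    return busy;
}

int main(void) {
    printf("check in listener loop: %ld ms\n", listener_busy_ms(3, 0));
    printf("check in forked child:  %ld ms\n", listener_busy_ms(3, 1));
    return 0;
}
```

With the check in the loop, the listener's busy time grows linearly with the number of stalled lookups; with the check in the child, the listener returns to accepting almost immediately.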