*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jamie Strandboge
(jdstrand):
Binary package hint: xinetd

With a standard installation of xinetd, I added the line:

    enabled = chargen-stream

to the defaults part of /etc/xinetd.conf. The disable = yes line is
still present in /etc/xinetd.d/chargen.

After restarting the xinetd service, the chargen service is suddenly
available. This clashes with the man-page description of enabled:

    enabled     Takes a list of service ID's to enable. This will
                enable only the services listed as arguments to this
                attribute; the rest will be disabled. If you have 2
                ftp services, you will need to list both of their ID's
                and not just ftp. (ftp is the service name, not the
                ID. It might accidentally be the ID, but you better
                check.) Note that the service "disable" attribute and
                "DISABLE" flag can prevent a service from being
                enabled despite being listed in this attribute.

I'm using xinetd-2.3.14-5 on Ubuntu 8.04.1 and xinetd-2.3.14-0ubuntu1
on Ubuntu 6.06 LTS. I have also tested xinetd-2.3.14-115.1 from openSUSE
11.0 and xinetd-2.3.14-10.el5 from CentOS. The SuSE one works as the
man-page describes, while the CentOS one works in the same way as the
Ubuntu one. I haven't tested an unmodified upstream.

Note: I've marked this as a security problem, as the user might think
that a specific service is disabled, while in reality xinetd still
enables the service.

** Affects: xinetd (Ubuntu)
     Importance: Undecided
         Status: New

--
xinetd enabled is not overruled by disable in service declaration
https://bugs.launchpad.net/bugs/280053
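
An audit check for the conflict described in this report, as an added example that is not part of the original report or of xinetd: it lists service IDs that appear in the defaults `enabled` list while their own service block carries `disable = yes` or the `DISABLE` flag, which is the case where the report saw different builds disagree. The function names and the sample file contents are assumptions constructed for illustration.

```python
import re

# Constructed sample input modelled on the report, not copied from a real system.
SAMPLE_XINETD_CONF = "defaults\n{\n    enabled = chargen-stream\n}\n"
SAMPLE_CHARGEN = """\
# constructed /etc/xinetd.d/chargen
service chargen
{
    disable = yes
    id      = chargen-stream
}
service chargen
{
    disable = yes
    id      = chargen-dgram
}
"""
BLOCK = re.compile(r"^\s*(defaults|service\s+(\S+))\s*\{(.*?)^\s*\}", re.S | re.M)
ATTR = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")

def parse_blocks(text):
    """Yield (service name, or None for defaults, {attribute: [values]}) per block."""
    text = re.sub(r"^[ \t]*#.*$", "", text, flags=re.M)  # drop comment lines
    for m in BLOCK.finditer(text):
        attrs = {}
        for a in filter(None, map(ATTR.match, m.group(3).splitlines())):
            key, op, vals = a.group(1), a.group(2), a.group(3).split()
            if op == "-=":
                attrs[key] = [v for v in attrs.get(key, []) if v not in vals]
            else:  # "=" replaces the value list, "+=" appends to it
                attrs[key] = (attrs.get(key, []) if op == "+=" else []) + vals
        yield m.group(2), attrs

def enabled_but_disabled(config_texts):
    """Return service IDs named in defaults 'enabled' whose own block says disabled."""
    enabled, services = set(), []
    for text in config_texts:
        for name, attrs in parse_blocks(text):
            if name is None:
                enabled.update(attrs.get("enabled", []))
            else:  # the service ID falls back to the service name when no id is set
                services.append(((attrs.get("id") or [name])[0], attrs))
    return sorted(sid for sid, attrs in services if sid in enabled and (
        (attrs.get("disable") or ["no"])[0].lower() == "yes"
        or "DISABLE" in attrs.get("flags", [])))

if __name__ == "__main__":
    print(enabled_but_disabled([SAMPLE_XINETD_CONF, SAMPLE_CHARGEN]))
```

To audit a host, pass the contents of /etc/xinetd.conf and of each file under /etc/xinetd.d as the list of strings; any ID returned should be checked against the listening sockets after a restart.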