Steve Grubb wrote:
> Hello,
>
> This is an updated xinetd patch. It tightens down the types of services that
> can be configured so that it's only external apps that are tcp nowait. And it
> incorporates the change to getpeercon(3).
>
> If you want a srpm, you can download one here:
> http://people.redhat.com/sgrubb/files/lspp/xinetd-2.3.14-5.src.rpm
> It will be in tomorrow's rawhide.

I downloaded the source RPM above and gave it a shot using NetLabel and
telnet. Unfortunately, I keep running into a "Remote host closed the
connection" problem. Some simple debugging makes me believe that xinetd
is getting the correct context but for some reason the in.telnetd child
process dies. Does this sound familiar?

Attached is the xinetd debug output.

--
paul moore
linux security @ hp

Script started on Tue 29 Aug 2006 04:03:59 PM EDT
[EMAIL PROTECTED] ~]# xinetd -d
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/chargen-dgram [file=/etc/xinetd.conf]
[line=49]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/chargen-stream
[file=/etc/xinetd.d/chargen-stream] [line=67]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/cvs [file=/etc/xinetd.d/cvs] [line=67]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/daytime-dgram
[file=/etc/xinetd.d/daytime-dgram] [line=19]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/daytime-stream
[file=/etc/xinetd.d/daytime-stream] [line=67]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/discard-dgram
[file=/etc/xinetd.d/discard-dgram] [line=67]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/discard-stream
[file=/etc/xinetd.d/discard-stream] [line=67]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/echo-dgram [file=/etc/xinetd.d/echo-dgram]
[line=67]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/echo-stream [file=/etc/xinetd.d/echo-stream]
[line=67]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/eklogin [file=/etc/xinetd.d/eklogin] [line=67]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/ekrb5-telnet
[file=/etc/xinetd.d/ekrb5-telnet] [line=13]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/gssftp [file=/etc/xinetd.d/gssftp] [line=14]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/klogin [file=/etc/xinetd.d/klogin] [line=14]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/krb5-telnet [file=/etc/xinetd.d/krb5-telnet]
[line=13]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/kshell [file=/etc/xinetd.d/kshell] [line=13]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/rsync [file=/etc/xinetd.d/rsync] [line=13]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/tcpmux-server
[file=/etc/xinetd.d/tcpmux-server] [line=13]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/telnet [file=/etc/xinetd.d/telnet] [line=68]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/time-dgram [file=/etc/xinetd.d/time-dgram]
[line=14]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {handle_includedir} Reading included
configuration file: /etc/xinetd.d/time-stream [file=/etc/xinetd.d/time-stream]
[line=67]
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
chargen
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
chargen
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
cvspserver
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
daytime
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
daytime
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
discard
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
discard
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
echo
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
echo
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
eklogin
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
telnet
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
ftp
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
klogin
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
telnet
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
kshell
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
rsync
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
tcpmux
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
time
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {remove_disabled_services} removing
time
Service defaults
Instances = 50
Groups = yes
umask = 2
CPS = max conn:50 wait:10
PER_SOURCE = 10
Bind = All addresses.
Only from: All sites
No access: No blocked sites
Logging to syslog. Facility = daemon, level = info
Log_on_success flags = HOST DURATION EXIT PID
Log_on_failure flags = HOST
Service configuration: telnet
id = telnet
flags = REUSE IPv4 LABELED
socket_type = stream
Protocol (name,number) = (tcp,6)
port = 23
wait = no
user = 0
Groups = yes
umask = 2
PER_SOURCE = 10
Bind = All addresses.
Server = /usr/sbin/in.telnetd
Server argv = in.telnetd
Only from: All sites
No access: No blocked sites
Logging to syslog. Facility = daemon, level = info
Log_on_success flags = HOST DURATION EXIT PID
Log_on_failure flags = HOST USERID
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {cnf_start_services} Started service:
telnet
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {cnf_start_services} mask_max = 6,
services_started = 1
06/8/[EMAIL PROTECTED]:04:04: NOTICE: 6784 {main} xinetd Version 2.3.14 started
with libwrap loadavg labeled-networking options compiled in.
06/8/[EMAIL PROTECTED]:04:04: NOTICE: 6784 {main} Started working: 1 available
service
06/8/[EMAIL PROTECTED]:04:04: DEBUG: 6784 {main_loop} active_services = 1
06/8/[EMAIL PROTECTED]:04:09: DEBUG: 6784 {main_loop} select returned 1
06/8/[EMAIL PROTECTED]:04:09: DEBUG: 6784 {server_start} Starting service telnet
06/8/[EMAIL PROTECTED]:04:09: DEBUG: 6787 {exec_server} duping 7
06/8/[EMAIL PROTECTED]:04:09: DEBUG: 6787 {set_context_from_socket} current
security exec context now: root:staff_r:staff_t:s5:c4,c5,c190.c239
06/8/[EMAIL PROTECTED]:04:09: DEBUG: 6784 {main_loop} active_services = 1
06/8/[EMAIL PROTECTED]:04:09: DEBUG: 6784 {main_loop} select returned 1
06/8/[EMAIL PROTECTED]:04:09: DEBUG: 6784 {check_pipe} Got signal 17 (Child
exited)
06/8/[EMAIL PROTECTED]:04:09: DEBUG: 6784 {child_exit} waitpid returned = 6787
06/8/[EMAIL PROTECTED]:04:09: DEBUG: 6784 {server_end} telnet server 6787 exited
06/8/[EMAIL PROTECTED]:04:09: INFO: 6784 {conn_free} freeing connection
06/8/[EMAIL PROTECTED]:04:09: DEBUG: 6784 {child_exit} waitpid returned = -1
06/8/[EMAIL PROTECTED]:04:09: DEBUG: 6784 {main_loop} active_services = 1
06/8/[EMAIL PROTECTED]:04:12: NOTICE: 6784 {general_handler} Unexpected signal
2 (Interrupt)
[EMAIL PROTECTED] ~]#
Script done on Tue 29 Aug 2006 04:04:13 PM EDT
--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
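
Added example, not part of the original message or of xinetd: a small Python parser for `xinetd -d` output like the transcript above, which folds the wrapped lines back together and pairs each child's `set_context_from_socket` record with the parent's `server_end` record. The sample input is constructed (the second child, pid 6790, is invented to show a child with no exit record), and the timestamp prefix is ignored because the archive mangled it.

```python
import re

# Matches the "LEVEL: pid {function} message" part of an xinetd -d record.
# Whatever precedes it (the timestamp) is deliberately not parsed.
RECORD = re.compile(r"(?P<level>[A-Z]+): (?P<pid>\d+) \{(?P<func>\w+)\}\s*(?P<msg>.*)")

# Constructed sample, wrapped the same way as the debug output in the e-mail.
SAMPLE = """\
ts: DEBUG: 6784 {server_start} Starting service telnet
ts: DEBUG: 6787 {exec_server} duping 7
ts: DEBUG: 6787 {set_context_from_socket} current
security exec context now: root:staff_r:staff_t:s5:c4,c5,c190.c239
ts: DEBUG: 6784 {check_pipe} Got signal 17 (Child
exited)
ts: DEBUG: 6784 {child_exit} waitpid returned = 6787
ts: DEBUG: 6784 {server_end} telnet server 6787 exited
ts: DEBUG: 6790 {set_context_from_socket} current
security exec context now: root:staff_r:staff_t:s0
"""

def records(text):
    """Yield (pid, func, msg), folding wrapped continuation lines back in."""
    current = None
    for line in text.splitlines():
        m = RECORD.search(line)
        if m:
            if current:
                yield tuple(current)
            current = [int(m["pid"]), m["func"], m["msg"].strip()]
        elif current and line.strip():
            current[2] += " " + line.strip()  # continuation of a wrapped record
    if current:
        yield tuple(current)

def trace_children(text):
    """Map child pid -> SELinux context fields, service name and exit status."""
    children = {}
    for pid, func, msg in records(text):
        if func == "set_context_from_socket" and "context now:" in msg:
            ctx = msg.split("context now:", 1)[1].strip()
            # user:role:type[:level]; the level itself may contain colons
            user, role, setype, level = (ctx.split(":", 3) + [""] * 3)[:4]
            children[pid] = {"user": user, "role": role, "type": setype,
                             "level": level, "service": None, "exited": False}
        elif func == "server_end":
            m = re.match(r"(\S+) server (\d+) exited", msg)
            if m and int(m[2]) in children:
                children[int(m[2])].update(service=m[1], exited=True)
    return children
```

`trace_children(SAMPLE)` reports pid 6787 as a `telnet` child labeled `staff_t` at `s5:c4,c5,c190.c239` that has exited, and pid 6790 as labeled with no exit recorded.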