path: root/source/n/inetd/inetd.loopingdos.diff
blob: 5bfcc53ffaadef885087c5e4ab1f62c43c475252 (plain)
--- ./inetd.c.orig	2003-09-06 15:08:41.000000000 -0700
+++ ./inetd.c	2003-09-06 16:26:24.000000000 -0700
@@ -171,7 +171,8 @@
 #include <rpcsvc/nfs_prot.h>
 #include "pathnames.h"
 
-#define	TOOMANY		256		/* don't start more than TOOMANY */
+#define	TOOMANY		0		/* don't start more than TOOMANY */
+					/* zero disables this stupid "feature" */
 #define	CNT_INTVL	60		/* servers in CNT_INTVL sec. */
 #define	RETRYTIME	(60*10)		/* retry after bind or server fail */
 
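Review bot: The comment on `TOOMANY` still reads "don't start more than TOOMANY", which with the new value of 0 says the opposite of what the code does, and the added second line does not say what takes the limit's place. With the default at 0, nothing visible in this patch bounds how fast inetd forks servers, so a connection flood is held back only by process or resource limits set outside inetd. I would reword the comment to `/* default max invocations per service per CNT_INTVL; 0 = no limit */` and state next to it that installations relying on the old default of 256 must now pass `-R` explicitly.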
@@ -365,7 +366,7 @@
 			int val;
 
 			val = strtoul(optarg, &p, 0);
-			if (val >= 1 && *p == (char) NULL) {
+			if (val >= 0 && *p == (char) NULL) {
 				toomany = val;
 				break;
 			}
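Review bot: Accepting `val >= 0` lets arguments that never held a valid number switch rate limiting off. For an empty argument strtoul() returns 0 with `p == optarg`, and because `val` is an `int`, a value such as 4294967296 can truncate to 0 where long is 64 bits; both now pass the test and set `toomany` to 0 (unlimited), whereas the old `val >= 1` rejected them by accident. I would keep the result unsigned and require that digits were consumed: `unsigned long val = strtoul(optarg, &p, 0);` and `if (p != optarg && *p == '\0' && val <= INT_MAX) {` (needs `<limits.h>` if it is not already included), which also replaces the `(char) NULL` spelling of the terminator. The option switch starts and ends outside this hunk and the type of `toomany` is not visible, so the upper bound assumes it is an int.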
@@ -546,7 +547,7 @@
 		if (dofork) {
 			if (sep->se_count++ == 0)
 			    (void)gettimeofday(&sep->se_time, NULL);
-			else if (sep->se_count >= sep->se_max) {
+			else if (toomany > 0 && sep->se_count >= sep->se_max) {
 				struct timeval now;
 
 				(void)gettimeofday(&now, NULL);
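Review bot: The new guard tests the global `toomany` rather than the limit of the service being started, so when `-R` is 0 (now the default) the `sep->se_count >= sep->se_max` comparison is skipped for every service. If `se_max` can be set per service in inetd.conf, as the `max` field described in the inetd.8 part of this patch suggests, an administrator's explicit per-service limit is silently ignored unless `-R` is also given. Gating on the service's own value keeps that case working: `else if (sep->se_max > 0 && sep->se_count >= sep->se_max) {`. The if/else body continues past the end of the hunk, so how `se_count` is reset when this branch is skipped is not visible here.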
--- ./inetd.8.orig	2003-09-06 16:26:50.000000000 -0700
+++ ./inetd.8	2003-09-06 16:30:27.000000000 -0700
@@ -68,7 +68,8 @@
 Turns on debugging.
 .It Fl R Ar rate
 Specify the maximum number of times a service can be invoked
-in one minute; the default is 256.
+in one minute; the default is unlimited.   A rate of 0 allows an 
+unlimited number of invocations.
 .El
 .Pp
 Upon execution,
@@ -249,9 +250,8 @@
 spawned from
 .Nm inetd
 within an interval of 60 seconds.
-When omitted,
-.Dq max
-defaults to 256.
+The default is unlimited (setting a limit may actually make it easier for
+an attacker to create a denial-of-service, and is not recommended).
 .Pp
 Stream servers are usually marked as
 .Dq nowait