Patch-ID# 101618-03
Keywords: security inetd server fd limit backlog listener
Synopsis: SunOS 4.1.3_U1: inetd fixes
Date: Jul/19/99
 
Solaris Release: 1.1.1

SunOS Release: 4.1.3_U1
 
Unbundled Product:
 
Unbundled Release:

Relevant Architectures: sun4(all) 
 
BugId's fixed with this patch: 1214036 1030599 1112111 4154509

Changes incorporated in this version: 4154509

Patches accumulated and obsoleted by this patch:

Patches which may conflict with this patch:

Patches required with this patch:

Obsoleted by:  

Files included with this patch:  sun4/inetd
                                 sun4c/inetd
                                 sun4m/inetd

Problem Description:

Bugid 4154509:
inetd security problem from "denial of service" attack 

Bugid 1214036:
inetd should have a flag to change listener backlog limit from default value

Bugid 1112111:
The file descriptor limit on inetd is too low. This patched inetd
makes use of the hard limit for the number of file descriptors, which is 1024.

Bugid 1030599:
inetd refuses to accept more than 40 connects per minute on a particular socket (loop detection) 

The SS1 is fast enough that you can legitimately end up calling rsh more than 40 times per minute.

This patch adds a new argument, "-r", to inetd that lets you
specify the number of connections allowed in a given time in seconds.
The default is to allow 40 connections in a 60-second period, e.g.:

/usr/etc/inetd -r 40 60

Typically, for a faster machine you might raise this to 60 connections
per minute, e.g.:

/usr/etc/inetd -r 60 60

You will need to edit /etc/rc so that the change is applied each
time the machine is rebooted, e.g.:
...
...
if [ -f /usr/etc/inetd ]; then
        inetd -r 60 60;                  echo -n ' inetd'
fi
...
...
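
As an added illustration (not Sun's inetd source and not part of the patch), the following C sketch models the "-r" limit as a fixed-window counter so you can check whether a legitimate workload fits a given setting. The window-reset behaviour and the names svc_limit, limit_accept and refused_in_burst are assumptions; what inetd does to the service after the limit trips is not modelled.

```c
#include <stdio.h>

/* Simplified model (an assumption, not Sun's source): a per-service
 * counter over a fixed window, following the "-r count seconds" text. */
struct svc_limit {
    int  max_conn;      /* first -r argument: connections allowed */
    long interval;      /* second -r argument: window length in seconds */
    long window_start;  /* time at which the current window opened */
    int  count;         /* connections accepted in the current window */
};

/* Returns 1 if a connection arriving at time `now` is accepted,
 * 0 if it exceeds the limit for the current window. */
static int limit_accept(struct svc_limit *l, long now)
{
    if (l->count == 0 || now - l->window_start >= l->interval) {
        l->window_start = now;   /* open a new window */
        l->count = 0;
    }
    if (l->count >= l->max_conn)
        return 0;
    l->count++;
    return 1;
}

/* Replays n evenly spaced connections over `span` seconds against one
 * service and returns how many of them would be refused. */
int refused_in_burst(int max_conn, long interval, int n, long span)
{
    struct svc_limit l;
    int i, refused = 0;

    l.max_conn = max_conn;
    l.interval = interval;
    l.window_start = 0;
    l.count = 0;
    for (i = 0; i < n; i++)
        if (!limit_accept(&l, (long)i * span / n))
            refused++;
    return refused;
}

int main(void)
{
    /* Constructed workload: 50 rsh calls spread over one minute. */
    printf("-r 40 60: %d refused\n", refused_in_burst(40, 60, 50, 60));
    printf("-r 60 60: %d refused\n", refused_in_burst(60, 60, 50, 60));
    return 0;
}
```
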


Patch Installation Instructions:
-------------------------------
1) As root, make a backup of the original inetd file:
   mv /usr/etc/inetd /usr/etc/inetd.FCS
   chmod 400 /usr/etc/inetd.FCS

2) Copy the new inetd file from the patch directory:
   cp `arch -k`/inetd /usr/etc/inetd

3) Set the mode and ownership of the new inetd file:
   chmod 755 /usr/etc/inetd
   chown root.staff /usr/etc/inetd

4) Reboot the system.                                               


Special Install Instructions:
----------------------------
None.
