Patch-ID# 102416-03
Keywords: security server inetd fd limit backlog 
Synopsis: SunOS 4.1.4: inetd fixes
Date: Jul/19/99
 
Solaris Release: 1.1.2

SunOS Release: 4.1.4

Unbundled Product:
 
Unbundled Release:

Relevant Architectures: sparc
    NOTE: sun4(all)
 
BugId's fixed with this patch: 1214036 1030599 1112111 4154509

Changes incorporated in this version: 4154509

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:  

Files included with this patch:  sun4/inetd
                                 sun4c/inetd
                                 sun4m/inetd

Problem Description:

Bugid 4154509:
inetd security problem from "denial of service" attack

Bugid 1214036:
inetd should have a flag to change listener backlog limit from default value

Bugid 1112111:
The file descriptor limit on inetd is too low. This patch of inetd
makes use of the hard limit for the number of file descriptors, which is 1024.

Bugid 1030599:
inetd refuses to accept more than 40 connects per minute on a 
particular socket (loop detection) 

The SS1 is fast enough that you can end up legitimately calling 
rsh more than 40 times per minute.

This patch adds a new argument, "-r", to inetd that allows you to 
specify the number of connections allowed in a given time in seconds.
The default is to allow 40 connections in a 60 second period, e.g.:

/usr/etc/inetd -r 40 60

Typically, for a faster machine you might raise this to 60 connections
per minute, e.g.:

/usr/etc/inetd -r 60 60

You will need to edit /etc/rc so that the change takes effect each 
time the machine is rebooted, e.g.:
...
...
if [ -f /usr/etc/inetd ]; then
        inetd -r 60 60;                  echo -n ' inetd'
fi
...
...
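
The limit that "-r" tunes can be pictured as a per-service counter over a time window. The C sketch below is an added example, not Sun's inetd source: it models the behaviour as this README describes it, and the names svc_limit, svc_accept and simulate, like the evenly spaced rsh workload, are hypothetical.

```c
#include <stdio.h>

/* Hypothetical per-service state; not taken from Sun's inetd source. */
struct svc_limit {
    int  max_conn;  /* first -r argument: connections allowed */
    long interval;  /* second -r argument: window length in seconds */
    int  count;     /* connections accepted in the current window */
    long start;     /* time (seconds) the current window opened */
};

/* Return 1 if a connection arriving at `now` is accepted, 0 if refused. */
int svc_accept(struct svc_limit *s, long now)
{
    if (s->count == 0 || now - s->start >= s->interval) {
        s->start = now;   /* open a fresh window */
        s->count = 0;
    }
    if (s->count >= s->max_conn)
        return 0;         /* limit reached inside the window */
    s->count++;
    return 1;
}

/* Constructed workload: n connections, one every `step` seconds.
 * Returns the 1-based number of the first refused connection, 0 if none. */
int simulate(int max_conn, long interval, int n, long step)
{
    struct svc_limit s = { max_conn, interval, 0, 0 };
    int i;
    for (i = 0; i < n; i++)
        if (!svc_accept(&s, i * step))
            return i + 1;
    return 0;
}

int main(void)
{
    /* 50 rsh calls in 50 seconds against the default and the raised limit */
    printf("-r 40 60: first refused = %d\n", simulate(40, 60, 50, 1));
    printf("-r 60 60: first refused = %d\n", simulate(60, 60, 50, 1));
    /* 45 calls spread over 90 seconds stay under the default */
    printf("-r 40 60, slow: first refused = %d\n", simulate(40, 60, 45, 2));
    return 0;
}
```

Running the same model against the connection rate your busiest legitimate client produces gives a starting value for "-r" before you edit /etc/rc.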


Patch Installation Instructions:
-------------------------------
1)  As root, make a backup of the original inetd file:
    mv /usr/etc/inetd /usr/etc/inetd.FCS
    chmod 400 /usr/etc/inetd.FCS

2)  Copy the new inetd from the patch directory:
    cp `arch -k`/inetd /usr/etc/inetd

3)  Set the mode and ownership of the new inetd:
    chmod 755 /usr/etc/inetd
    chown root.staff /usr/etc/inetd

4)  Reboot the system.


Special Install Instructions:
-------------------------------
None.
