[Bug 269456] sshd stops accepting connections if tcp_wrapper is used
Date: Fri, 10 Feb 2023 10:35:39 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269456

            Bug ID: 269456
           Summary: sshd stops accepting connections if tcp_wrapper is used
           Product: Base System
           Version: 13.1-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: lampa@fit.vutbr.cz

The change in "sshd: update the libwrap patch to drop connections early"
46aaea6c19ef1f377936eede16b4bdb626421dd6 moved the tcp wrapper actions into the
main loop in sshd:

    for (i = 0; i < num_listen_socks; i++) {
        ...
        if (!hosts_access(&req)) {
            ...
        }

If hosts_access() stalls for any reason (DNS lookup timeouts), it stops this
loop and sshd stops accepting any connections for some time (eventually
indefinitely if an attacker is persistent).

It seems that dropping connections in the main loop with tcp_wrapper is not a
good idea.
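
The stall described in the report can be measured with a small model. This is an added example, not code from sshd or from the reporter: slow_access_check(), accept_loop_busy_ms() and the 200 ms delay are constructed stand-ins, and running the check in a forked per-connection child is an assumed alternative placement shown for comparison.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#include <sys/wait.h>

#define STALL_MS 200  /* constructed delay standing in for a DNS timeout */

/* Hypothetical stand-in for hosts_access() blocked on a slow lookup. */
static int slow_access_check(void)
{
    struct timespec ts = { STALL_MS / 1000, (STALL_MS % 1000) * 1000000L };
    while (nanosleep(&ts, &ts) == -1) { }  /* resume if a signal interrupts */
    return 1;
}

static long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Handle n simulated connections and return how long the accept loop could
 * not service new clients. check_in_child: 0 = check in main loop, 1 = in child. */
long accept_loop_busy_ms(int n, int check_in_child)
{
    long start = now_ms(), busy;
    int forked = 0;
    for (int i = 0; i < n; i++) {
        if (!check_in_child) {
            slow_access_check();          /* every later client waits here */
            continue;
        }
        pid_t pid = fork();
        if (pid == 0)
            _exit(slow_access_check() ? 0 : 1);  /* only this child stalls */
        if (pid > 0) forked++;
    }
    busy = now_ms() - start;
    while (forked-- > 0)
        wait(NULL);                       /* reap children outside the timed loop */
    return busy;
}

int main(void)
{
    printf("check in main loop: %ld ms\n", accept_loop_busy_ms(3, 0));
    printf("check in child:     %ld ms\n", accept_loop_busy_ms(3, 1));
}
```

With the check inline, the time the loop is unavailable grows linearly with the number of stalled lookups; with the check in the child, the loop only pays for fork().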