--- ./inetd.c.orig 2003-09-06 15:08:41.000000000 -0700 +++ ./inetd.c 2003-09-06 16:26:24.000000000 -0700 @@ -171,7 +171,8 @@ #include <rpcsvc/nfs_prot.h> #include "pathnames.h" -#define TOOMANY 256 /* don't start more than TOOMANY */ +#define TOOMANY 0 /* don't start more than TOOMANY */ + /* zero disables this stupid "feature" */ #define CNT_INTVL 60 /* servers in CNT_INTVL sec. */ #define RETRYTIME (60*10) /* retry after bind or server fail */ @@ -365,7 +366,7 @@ int val; val = strtoul(optarg, &p, 0); - if (val >= 1 && *p == (char) NULL) { + if (val >= 0 && *p == (char) NULL) { toomany = val; break; } @@ -546,7 +547,7 @@ if (dofork) { if (sep->se_count++ == 0) (void)gettimeofday(&sep->se_time, NULL); - else if (sep->se_count >= sep->se_max) { + else if (toomany > 0 && sep->se_count >= sep->se_max) { struct timeval now; (void)gettimeofday(&now, NULL); --- ./inetd.8.orig 2003-09-06 16:26:50.000000000 -0700 +++ ./inetd.8 2003-09-06 16:30:27.000000000 -0700 @@ -68,7 +68,8 @@ Turns on debugging. .It Fl R Ar rate Specify the maximum number of times a service can be invoked -in one minute; the default is 256. +in one minute; the default is unlimited. A rate of 0 allows an +unlimited number of invocations. .El .Pp Upon execution, @@ -249,9 +250,8 @@ spawned from .Nm inetd within an interval of 60 seconds. -When omitted, -.Dq max -defaults to 256. +The default is unlimited (setting a limit may actually make it easier for +an attacker to create a denial-of-service, and is not recommended). .Pp Stream servers are usually marked as .Dq nowait