Pros and Cons of running under inetd....

wc_fbsd at xxiii.com wc_fbsd at xxiii.com
Fri May 12 18:35:12 PDT 2006


At 08:42 PM 5/12/2006, Eric Schuele wrote:
>You say tcpwrappers are compiled into ftpd?  Are you sure?  How can 
>I "enable" or otherwise use them?  If I add things to hosts.allow 
>they seem to have no influence.  This would solve my problem as I 
>would not need inetd.

My Bad.  It seems it does not.  It's running from inetd on the box I 
regularly edit hosts.allow on.

The performance benefit inetd once offered -- not having a lot of 
background processes for seldom-used services -- is not a big deal 
today.  But security-wise, spawning other programs that would just be 
directly listening on a port otherwise doesn't seem terribly 
insecure.  Could it even be argued beneficial? -- you have a single, 
simple piece of code accepting the initial connections, instead of 20 
processes doing the same thing with 20 different pieces of code, any 
one of which could have an exploit.  If an exploit was conceived that 
could take advantage of lots of programs listening on any old socket, it 
seems the vulnerability would be lessened, or at least easier to fix.

I don't claim to be an expert security guy or OS programmer, but so 
far I haven't heard an explanation besides "don't do that".

    -Wayne
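
The idea discussed in this message, one small piece of code deciding from hosts.allow whether a connection reaches a daemon at all, as an added example that is not part of the original message and is not tcp_wrappers' own code. It is a simplified first-match evaluator for `daemon : client : allow|deny` rules; the rule set, addresses and function names are constructed for illustration, and only IPv4 patterns are handled.

```python
import ipaddress

# Constructed sample rules (documentation address ranges only).
SAMPLE_RULES = """
# daemon : client : action
ftpd    : 192.0.2.0/255.255.255.0 : allow
ftpd    : ALL                     : deny
telnetd : 198.51.100.             : allow
telnetd : ALL                     : deny
"""

def parse_rules(text):
    """Return (daemon, client_pattern, allowed) tuples in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        daemon, client, action = (f.strip() for f in line.split(":"))
        if action not in ("allow", "deny"):
            raise ValueError("unsupported action: " + action)
        rules.append((daemon, client, action == "allow"))
    return rules

def client_matches(pattern, peer_ip):
    """Match one client pattern against a dotted-quad peer address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                  # prefix form, e.g. "198.51.100."
        return peer_ip.startswith(pattern)
    if "/" in pattern:                         # net/mask form
        return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(pattern)
    return peer_ip == pattern                  # exact address

def admit(rules, daemon, peer_ip):
    """First matching rule decides; this runs once, before any daemon is spawned."""
    for rule_daemon, pattern, allowed in rules:
        if rule_daemon in ("ALL", daemon) and client_matches(pattern, peer_ip):
            return allowed
    return True   # no rule matched: tcp_wrappers grants access by default

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for daemon, ip in [("ftpd", "192.0.2.17"), ("ftpd", "203.0.113.5"),
                       ("telnetd", "198.51.100.9"), ("sshd", "203.0.113.5")]:
        print(daemon, ip, "allow" if admit(rules, daemon, ip) else "deny")
```

The last case shows why a closing `ALL : ALL : deny` style rule matters: a daemon with no matching rule is admitted.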

