FreeBSD Security Advisory FreeBSD-SA-03:12.openssh
Jason Stone
freebsd-security at dfmm.org
Thu Sep 18 18:33:33 PDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Advantages to using inetd include connection count limiting,
> connection rate limiting, tcp_wrappers, address binding, and
> simplicity (KIS), among others.
>
> Back when ssh was originally developed, in the days of 50Mhz
> processors, key generation time made running sshd out of inetd slow.
> For the past several years, however, this has not been an issue.
> Why FreeBSd's default installation still uses a legacy stand-alone
> ssh daemon is a question many systems administrators are asking.
Uh, you've got it backwards dude - inetd was developed way way back in the
day, when having a separate telnetd, ftpd, etc all running all the time
consumed too many resources. Most modern daemons (sshd, apache, bind,
dhcpd, etc) all run as standalones - the ones that still want inetd are
stuff like talkd, fingerd, uucpd - ie, the daemons that no one runs
anymore.
And how is having two daemons (inetd and sshd), each with their own config
files and implementation bogosities _simpler_ that just the one? Uh, I
could run inetd _and_ sshd, or just sshd - hmm, which do I think is
simpler...? And sshd has all the "advantages of inetd" which you mention.
- From a security standpoint, I really think that inetd outght not be used.
It's an additional root-running source of complexity and potential bugs,
and it is almost never necesary.
-Jason
--------------------------------------------------------------------------
Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
that he was insufficiently fondled when he was an infant.
-- Ashley Montagu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQE/alzsswXMWWtptckRAn7BAJ9L+V4XAgaJCe3cIm40k34RXdkRXQCg1RXm
u20B+ZxFFSMyNH2OAnuK3X4=
=9Dxo
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list