Pros and Cons of running under inetd....
Eric Schuele
e.schuele at computer.org
Fri May 12 17:44:45 PDT 2006
Derek Ragona wrote:
> Yes it is still true today. The default system now has inetd running
> nothing. And the ports now install rc scripts for these reasons.
>
Not arguing here... everything I've found on the web says something similar.
But why do we have inetd? I assume it solved a problem in the past,
that no longer exists. Not to mention its spotted security history.
> For network daemons, when they are running in a listen mode there is no
> real overhead on the system.
>
> -Derek
>
> At 03:41 PM 5/12/2006, wc_fbsd at xxiii.com wrote:
>> At 04:25 PM 5/12/2006, you wrote:
>>> inetd running is discouraged. Instead run the daemons on boot using
>>> rc scripts. If you look back in the history, inetd running is a
>>> security risk, and was discouraged in the 5.X releases.
>>
>> Is that still really true? Waaayyy back when, inetd would have all
>> kinds of dangerous services enabled by default (allowing DOS stuff
>> like spewing "chargen" into "discard").
>>
>> But that was a configuration issue, and issues with the services it
>> launched; not with inetd itself.
>>
>> The authentication is still done within ftpd. You're just saving the
>> tiny overhead of running it all the time for occasional use. And
>> inetd does allow the tcpwrappers for anything it launches (obviously
>> the wrappers are compiled into many other things now, ftpd included.)
>>
>> -Wayne
>>
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscribe at freebsd.org"
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>> MailScanner thanks transtec Computers for their support.
>>
>
--
Regards,
Eric
More information about the freebsd-questions
mailing list