Pros and Cons of running under inetd....

Derek Ragona derek at computinginnovations.com
Fri May 12 18:18:51 PDT 2006


Simply reinstall whatever ported apps you are using and look for a sample 
startup script in /usr/local/etc/rc.d, or look in /etc/defaults/rc.conf for 
the settings to override in /etc/rc.conf to run any standard system 
services at boot.

You can search the old security lists or look in SANS archives on the 
actual exploits about inetd.

         -Derek


At 07:46 PM 5/12/2006, Eric Schuele wrote:
>Daniel Bye wrote:
>>On Fri, May 12, 2006 at 01:07:22PM -0500, Eric Schuele wrote:
>>>Although I am curious about ftpd and tcpwrappers.... I am also 
>>>interested in whether or not running these daemons under inetd is 
>>>preferred or not.  If so why?  If not, why?
>>Certainly for anything that has a reasonably expensive start up, such as
>>sshd, you will probably want to run it as a standalone daemon, because
>>it's easier on the system to start it up only once and then fork a new
>>child for each client connection.
>>On the other hand, using inetd will allow you to have only one
>>'superserver' running, which can spawn the appropriate daemon as
>>required.  This means that you won't have idle daemons lying around, as
>>they are cleaned up once the session ends.
>>One obvious shortcoming, as you point out, is that the stock ftpd
>>doesn't seem to understand how to consult /etc/hosts.allow, so if you
>>have one configured already, then you might want to use inetd to control
>>ftpd.  There may be alternative ftpd servers in the ports that do know
>>how to use tcpwrappers, but I've never used any others so don't know.
>>So, I suppose the real answer to your question is that you should use
>>inetd if you need to use one of the features that it provides, such as
>>tcpwrappers.  I can't think of any reason to not use inetd, and I
>>haven't heard any reasonable arguments suggesting it's particularly bad
>>for your health.  YMMV, etc.
>
>Thanks for the response.  I'm of a similar opinion.  For this particular 
>application (my laptop and occasional use, plus it's usually ipfw'd away 
>from the world) I think it's fine... and unless I find another solution, 
>I'll probably run ftpd under inetd, and sshd standalone.
>
>>Dan
>
>
>--
>Regards,
>Eric
>_______________________________________________
>freebsd-questions at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>MailScanner thanks transtec Computers for their support.
>



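An added example, not part of the thread and not FreeBSD's own tooling: a small sh/awk audit that lists each service enabled in an inetd.conf together with the first /etc/hosts.allow rule that would apply to it, which is the access control the thread says ftpd only gets when run under inetd. It assumes inetd passes the server program's basename (for example ftpd) as the wrapper daemon name and handles only the plain `daemons : clients : action` rule form; the function names and the sample files are constructed for illustration.

```sh
# Added example: which hosts.allow rule governs each service inetd starts?
# inetd checks TCP wrappers itself when run with -w (external) and -W (internal).

# Wrapper daemon name of each enabled inetd.conf entry: the basename of the
# server program (assumed), or the service name for "internal" services.
inetd_daemons() {
    awk '!/^[ \t]*(#|$)/ && NF >= 6 {
        if ($6 == "internal") { print $1; next }
        n = split($6, p, "/"); print p[n]
    }' "$1" | sort -u
}

# Print "clients|action" for the first hosts.allow rule that names daemon $1
# or ALL. Simplified: no EXCEPT, daemon@host, IPv6 literals or continuations.
first_rule() {
    awk -F: -v d="$1" '!/^[ \t]*(#|$)/ {
        n = split($1, names, /[ \t,]+/)
        for (i = 1; i <= n; i++)
            if (names[i] == d || names[i] == "ALL") {
                c = $2; a = (NF >= 3) ? $NF : "allow"  # no option: allow
                gsub(/^[ \t]+|[ \t]+$/, "", c); gsub(/^[ \t]+|[ \t]+$/, "", a)
                print c "|" a; exit
            }
    }' "$2"
}

# One line per enabled service; "no-rule" means hosts.allow never matches it.
audit() {
    for d in $(inetd_daemons "$1"); do
        r=$(first_rule "$d" "$2")
        echo "$d ${r:-no-rule}"
    done
}

make_samples() {    # constructed sample files, written into directory $1
    cat > "$1/inetd.conf" <<'EOF'
#telnet stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
daytime stream  tcp     nowait  root    internal
EOF
    cat > "$1/hosts.allow" <<'EOF'
ftpd : 192.168.1.0/255.255.255.0 : allow
ftpd : ALL : deny
ALL : ALL : allow
EOF
}

tmp=$(mktemp -d) && make_samples "$tmp"
audit "$tmp/inetd.conf" "$tmp/hosts.allow"
rm -rf "$tmp"
```

Because the search stops at the first matching rule, moving `ALL : ALL : allow` to the top of the sample hosts.allow makes the report show `ftpd ALL|allow`, and the two ftpd rules are never reached.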
