Pros and Cons of running under inetd....

Derek Ragona derek at computinginnovations.com
Fri May 12 18:31:19 PDT 2006


Inetd still is there as a legacy part of UNIX.  This was the old way of 
starting services on demand in the old days BEFORE WANs, the internet, 
etc.  Remember UNIX started as networked on LANs, with LANs interconnected 
using UUCP.  Ah those good old days before SPAM, www, and viruses.

As more security problems have been found, changes have been made to the 
OS, like the move away from inetd.  This also forces that only required 
services are running, not a slew of services running "on demand" like 
finger, ftp, tftp, etc through inetd.

         -Derek


At 07:44 PM 5/12/2006, Eric Schuele wrote:
>Derek Ragona wrote:
>>Yes it is still true today.  The default system now has inetd running 
>>nothing.  And the ports now install rc scripts for these reasons.
>
>Not arguing here... everything I've found on the web says something similar.
>
>But why do we have inetd?  I assume it solved a problem in the past, that 
>no longer exists.  Not to mention its spotted security history.
>
>>For network daemons, when they are running in a listen mode there is no 
>>real overhead on the system.
>>         -Derek
>>At 03:41 PM 5/12/2006, wc_fbsd at xxiii.com wrote:
>>>At 04:25 PM 5/12/2006, you wrote:
>>>>inetd running is discouraged.  Instead run the daemons on boot using rc 
>>>>scripts.  If you look back in the history, inetd running is a security 
>>>>risk, and was discouraged in the 5.X releases.
>>>
>>>Is that still really true?  Waaayyy back when, inetd would have all 
>>>kinds of dangerous services enabled by default (allowing DOS stuff like 
>>>spewing "chargen" into "discard").
>>>
>>>But that was a configuration issue, and issues with the services it 
>>>launched;  not with inetd itself.
>>>
>>>The authentication is still done within ftpd.  You're just saving the 
>>>tiny overhead of running it all the time for occasional use.  And inetd 
>>>does allow the tcpwrappers for anything it launches (obviously the 
>>>wrappers are compiled into many other things now, ftpd included.)
>>>
>>>   -Wayne
>>>
>>>_______________________________________________
>>>freebsd-questions at freebsd.org mailing list
>>>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>>>
>>>--
>>>This message has been scanned for viruses and
>>>dangerous content by MailScanner, and is
>>>believed to be clean.
>>>MailScanner thanks transtec Computers for their support.
>
>
>--
>Regards,
>Eric
>

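Added example, not part of the original thread: a small audit that lists which services an inetd.conf still starts on demand and marks the ones the thread names (chargen, discard, finger, ftp, tftp). It assumes the usual inetd.conf field order (service, socket type, protocol, wait/nowait, user, server program, arguments); the sample file is constructed and `enabled_entries` is a hypothetical helper name.

```python
# Added example: audit an inetd.conf for enabled on-demand services.
from dataclasses import dataclass

# Services named in this thread as historically risky when left enabled.
THREAD_FLAGGED = {"chargen", "discard", "finger", "ftp", "tftp"}

# Constructed sample in inetd.conf field order:
# service  socket-type  protocol  wait/nowait  user  server-program  arguments
SAMPLE_CONF = """\
# constructed sample, not taken from a real host
#ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
tftp    dgram   udp     wait    root    /usr/libexec/tftpd      tftpd -l -s /tftpboot
chargen stream  tcp     nowait  root    internal
#discard stream tcp     nowait  root    internal
ntalk   dgram   udp     wait    tty:tty /usr/libexec/ntalkd     ntalkd
finger stream tcp nowait
"""

@dataclass
class Entry:
    lineno: int
    service: str
    protocol: str
    user: str
    program: str
    flagged: bool      # named in the thread as a risky service
    internal: bool     # handled inside inetd itself, no external daemon

def enabled_entries(text):
    """Return (entries, malformed_line_numbers) for uncommented lines."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # commented out means disabled
        fields = line.split()
        if len(fields) < 6:
            malformed.append(lineno)      # too few fields: report it, do not guess
            continue
        service, _socktype, proto, _wait, user, program = fields[:6]
        entries.append(Entry(lineno, service, proto, user, program,
                             service in THREAD_FLAGGED, program == "internal"))
    return entries, malformed

if __name__ == "__main__":
    found, bad = enabled_entries(SAMPLE_CONF)
    for e in found:
        note = "REVIEW" if e.flagged else "enabled"
        print(f"line {e.lineno}: {e.service}/{e.protocol} as {e.user} -> {e.program} [{note}]")
    print("malformed lines:", bad)
```

On a default configuration of the kind described in the thread, where inetd runs nothing, the list of enabled entries comes back empty.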