FreeBSD Security Advisory FreeBSD-SA-03:12.openssh

Roger Marquis marquis at roble.com
Thu Sep 18 18:07:11 PDT 2003


> I don't want one service (ssh) being dependent on another service
> (inetd). This is bad system design.

Inetd was designed for processes exactly like ssh, processes that
are not generating connections continuously like sendmail, apache,
or named.

Duplicating inetd's features increases the total code, increases
its complexity, and reduces overall security.  Sshd doesn't need
to know how to run as a daemon.  That code is already in inetd.
Sshd also doesn't need to duplicate the connection limiting, process
limiting, and tcp_wrappers already built into inetd.  This is why
all modern unix systems have inetd or xinetd.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

