FreeBSD Security Advisory FreeBSD-SA-03:12.openssh

Avleen Vig lists-freebsd at silverwraith.com
Thu Sep 18 20:09:53 PDT 2003


On Thu, Sep 18, 2003 at 06:07:10PM -0700, Roger Marquis wrote:
> Duplicating inetd's features increases the total code, increases
> its complexity, and reduces overall security.  Sshd doesn't need
> to know how to run as a daemon.  That code is already in inetd.
> Sshd also doesn't need to duplicate the connection limiting, process
> limiting, and tcp_wrappers already built into inetd.  This is why
> all modern unix systems have inetd or xinetd.

But by the same token, ssh is a security application, and running it
through inetd potentially reduces its security effectiveness by
introducing code which isn't of the same standard as sshd.

Compare all security vulnerabilities in sshd with all security
vulnerabilities in inetd.
Now, would you prefer to have only the vulnerabilities in sshd present,
or both sshd AND inetd?

