From owner-cvs-all Tue Jan 26 11:12:24 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA16715 for cvs-all-outgoing; Tue, 26 Jan 1999 11:12:24 -0800 (PST) (envelope-from owner-cvs-all@FreeBSD.ORG) Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.65]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA16687; Tue, 26 Jan 1999 11:12:14 -0800 (PST) (envelope-from mark@grondar.za) Received: from greenpeace.grondar.za (greenpeace.grondar.za [196.7.18.132]) by gratis.grondar.za (8.9.2/8.9.2) with ESMTP id VAA73187; Tue, 26 Jan 1999 21:12:07 +0200 (SAST) (envelope-from mark@grondar.za) Received: from grondar.za (localhost [127.0.0.1]) by greenpeace.grondar.za (8.9.2/8.9.2) with ESMTP id VAA50572; Tue, 26 Jan 1999 21:12:05 +0200 (SAST) (envelope-from mark@grondar.za) Message-Id: <199901261912.VAA50572@greenpeace.grondar.za> To: Poul-Henning Kamp cc: Andreas Klemm , Nate Williams , Matthew Dillon , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: Small, useful tools (Was: Re: 'cpdup' program, and question) In-Reply-To: Your message of " Tue, 26 Jan 1999 19:46:36 +0100." <27224.917376396@critter.freebsd.dk> References: <27224.917376396@critter.freebsd.dk> Date: Tue, 26 Jan 1999 21:12:04 +0200 From: Mark Murray Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk Poul-Henning Kamp wrote: > >> Tcp_wrappers are small enough to bmake directly. Trivial job. > > > >I'd second this with respect to FreeBSD getting an entry > >in the ,hall of fames' of "Ultra secure" BSD's ;-) > > It is not a matter of size, or bmakability, it is simply a matter of > importing code which is maintained (better) elsewhere is a bad idea > in principle (ref: IPFILTER, xntpd, sendmail &c &c &c) If the software concerned is undergoing rapid development (such as Fetchmail did a year or two ago as an extreme case and Sendmail is now as a mild case), I'd agree with you vehemently. Tcp_wrappers are extremely stable, and have had nary an update for quite a while in spite of its popularity. I reckon having sendmail delivered OOTB with wrappers will assist the newbie sysadmin no end with securing against bombers and spammers, and likewise for inetd with similar support (disclaimer *). I would have loved to include a POP server in the to-be-bmaked list, except I have read too much recently about how unstable or stylisticaly bad the current options are. Nevertheless, it would do our "features" list a good turn to have "POP server" on the "out of box" list. Point taken. I'll add xntpd to my list of projects (meaning I'll get to it about 6 months :). TCP_wrappers I can do in an hour; I know, 'cos I did it before (I lost that when I was burgled). M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org * I fully recognise that tcp wrappers are susceptible to spoofing attacks. They are however extremely effective against the current crop of 5KR1PT K1DZ. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message