From owner-freebsd-bugs Sat Oct 7 15:20: 5 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id AE2D537B66C for ; Sat, 7 Oct 2000 15:20:02 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id PAA31950; Sat, 7 Oct 2000 15:20:02 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Date: Sat, 7 Oct 2000 15:20:02 -0700 (PDT)
Message-Id: <200010072220.PAA31950@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc:
From: Kris Kennaway
Subject: Re: ports/21814: Inetd's very existence is a security risk.
Reply-To: Kris Kennaway
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR conf/21814; it has been noted by GNATS.

From: Kris Kennaway
To: Mike Meyer
Cc: Kris Kennaway, FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: ports/21814: Inetd's very existence is a security risk.
Date: Sat, 7 Oct 2000 15:18:01 -0700

On Sat, Oct 07, 2000 at 06:42:55AM -0500, Mike Meyer wrote:
> Kris Kennaway writes:
> > On Sat, Oct 07, 2000 at 11:02:03AM -0000, mwm@mired.org wrote:
> >
> > > "make installworld" on your favorite box that doesn't run
> > > inetd, and notice that you get a brand, spanking new copy of
> > > inetd.
> > That's what this is for in /etc/rc.conf:
> > inetd_enable="NO" # Run the network daemon dispatcher (YES/NO).
> > It's only a security risk if you're running it.
>
> Didn't really read the PR carefully, did you? The relevant part is:
>
> I always (always, always, always) turn off inetd on any system
> that needs to be secured against exposure to the world. I'd
> really it rather not be on the system *at all*.
>
> In other words, I *know* how to turn, but I want it gone
> completely. The patch makes that much saner. If you don't like that
> behavior, don't add NO_INETD to /etc/make.conf.

Well, IMO just not liking something isn't good grounds for yet another
build knob. The inetd binary doesn't run with any privileges, it's not
causing filesystem bloat, it's not taking up space on the root
filesystem, and it's not conflicting with anything else. I think
you'll have to provide a better justification of why this would be
needed.

Kris
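
Added example, not part of the thread or of FreeBSD's own scripts: a small audit of the two points the reply relies on, that `inetd_enable` is not set to YES and that the installed inetd binary carries no setuid/setgid bit. The function names are hypothetical, and it assumes the rc.conf files are read in the order given with the last assignment winning; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: rc.conf files are read in
# the order given, the last assignment wins, and only YES (any case) enables.

# effective_inetd_enable FILE... -> prints last assigned value, or "unset".
effective_inetd_enable() {
    value="unset"
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Uncommented assignments only; drop trailing comment and quotes.
        v=$(sed -n 's/^[[:space:]]*inetd_enable=//p' "$f" | tail -n 1 |
            sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tr -d "\"'")
        if [ -n "$v" ]; then value=$v; fi
    done
    printf '%s\n' "$value"
}

# binary_has_elevated_bits PATH -> true if the setuid or setgid bit is set.
binary_has_elevated_bits() {
    [ -u "$1" ] || [ -g "$1" ]
}

# audit_inetd BINARY RCFILE... -> returns 0 when inetd is disabled and the
# binary carries no setuid/setgid bit, 1 otherwise (findings on stdout).
audit_inetd() {
    bin=$1; shift
    rc=0
    state=$(effective_inetd_enable "$@")
    case $state in
        [Yy][Ee][Ss]) echo "FINDING: inetd_enable=$state, inetd starts at boot"; rc=1 ;;
        *) echo "ok: inetd_enable=$state, inetd is not started" ;;
    esac
    if [ -e "$bin" ] && binary_has_elevated_bits "$bin"; then
        echo "FINDING: $bin has a setuid/setgid bit"; rc=1
    elif [ -e "$bin" ]; then
        echo "ok: $bin is installed without setuid/setgid bits"
    else
        echo "ok: $bin is not installed"
    fi
    return $rc
}

# Constructed sample: defaults say NO, a local override says YES.
demo=$(mktemp -d)
printf 'inetd_enable="NO" # Run the network daemon dispatcher (YES/NO).\n' > "$demo/defaults"
printf 'inetd_enable="YES"\n' > "$demo/rc.conf"
audit_inetd "$demo/inetd" "$demo/defaults" "$demo/rc.conf" || true
rm -rf "$demo"
```

On a FreeBSD host the same check would be run as `audit_inetd /usr/sbin/inetd /etc/defaults/rc.conf /etc/rc.conf /etc/rc.conf.local`.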