From owner-freebsd-ports Sat Oct 7 4:50: 5 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 9FACE37B502 for ; Sat, 7 Oct 2000 04:50:02 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id EAA21816; Sat, 7 Oct 2000 04:50:02 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Date: Sat, 7 Oct 2000 04:50:02 -0700 (PDT)
Message-Id: <200010071150.EAA21816@freefall.freebsd.org>
To: freebsd-ports@FreeBSD.org
Cc:
From: Mike Meyer
Subject: Re: ports/21814: Inetd's very existence is a security risk.
Reply-To: Mike Meyer
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR ports/21814; it has been noted by GNATS.

From: Mike Meyer
To: Kris Kennaway
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: ports/21814: Inetd's very existence is a security risk.
Date: Sat, 7 Oct 2000 06:42:55 -0500 (CDT)

Kris Kennaway writes:
> On Sat, Oct 07, 2000 at 11:02:03AM -0000, mwm@mired.org wrote:
>
> > "make installworld" on your favorite box that doesn't run
> > inetd, and notice that you get a brand, spanking new copy of
> > inetd.
>
> That's what this is for in /etc/rc.conf:
>
> inetd_enable="NO" # Run the network daemon dispatcher (YES/NO).
>
> It's only a security risk if you're running it.

Didn't really read the PR carefully, did you? The relevant part is:

    I always (always, always, always) turn off inetd on any system
    that needs to be secured against exposure to the world. I'd
    really rather it not be on the system *at all*.

In other words, I *know* how to turn, but I want it gone completely.
The patch makes that much saner. If you don't like that behavior,
don't add NO_INETD to /etc/make.conf.