From owner-freebsd-arch Tue Jul 31 21:55:46 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from mailhost.xrxgsn.com (unknown [216.42.106.144]) by hub.freebsd.org (Postfix) with ESMTP id 79D2B37B405; Tue, 31 Jul 2001 21:55:39 -0700 (PDT) (envelope-from mike.porter@xrxgsn.com)
Received: from laptop (1Cust201.tnt3.salt-lake-city.ut.da.uu.net [63.11.215.201]) by mailhost.xrxgsn.com (8.9.3/8.9.3) with SMTP id AAA12776; Wed, 1 Aug 2001 00:47:57 -0400 (EDT)
Message-ID: <00e501c11a45$f2165520$0300a8c0@laptop>
From: "Mike Porter"
To: "Robert Watson" , , "Derek C."
Cc:
Subject: Re: Patch to modify default inetd.conf, have sysinstall prompt to edit , inetd.conf
Date: Tue, 31 Jul 2001 22:53:42 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3612.1700
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3612.1700
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Somehow I missed the original of this....

-----Original Message-----
From: Derek C.
To: Robert Watson ; arch@FreeBSD.ORG
Cc: stable@FreeBSD.ORG
Date: Tuesday, July 31, 2001 9:56 PM
Subject: Re: Patch to modify default inetd.conf, have sysinstall prompt to edit , inetd.conf

>Well, I am a fairly typical uninformed/idiot user, who is getting better
>every day, and I say the documentation is great, and the patch is a great idea.
>
>Derek
>
>At 08:48 PM 7/31/2001, Robert Watson wrote:
>
[snip the first introductory bits]
>
>>needs. In particular in light of the recent ftpd and telnetd security
>>bugs, it seems like 4.4-RELEASE would be a good time to move to a more
>>conservative default of having both of these services disabled in the base
>>install, as both NetBSD and OpenBSD have moved to doing.
>>

Seems like a pretty good idea to me; although it seems to me that perhaps disabling SSH by default is overkill; certainly I think that it is a good idea to disable telnet by default...nearly everyone who NEEDS it should be able to add it easily enough...however...

[...]
>>concerning enabling and disabling services. It also modifies sysinstall
>>such that enabling inetd in the post-install configuration describes inetd
>>more than previously, mentions the risks, and then also presents the
>>opportunity to edit inetd.conf if inetd is enabled. Also, during the
>>normal install, the user is automatically prompted to enable or disable
>>inetd in much the same style as the NFS server.
>>
[snip the details]

It also seems to me that a better solution than just editing inetd.conf (especially for novice users) would be a sub-menu, similar to the one used to enable inetd and NFS and the like, allowing a user to check which services are desired. Of course, I am not familiar with sysinstall internals, so I don't know how much work this really entails, it's just an idea.

mike

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
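
The service checklist suggested in the message above, sketched as an added example; it is not part of the original message and not sysinstall code. It reads inetd.conf-style text, reports which services are enabled, and rewrites the file so that only the selected ones stay uncommented. The function names and the sample file contents are assumptions made for illustration.

```python
import re

# Constructed sample in inetd.conf layout (not the FreeBSD default file).
SAMPLE = """\
# Internet server configuration (constructed sample)
#ftp     stream  tcp  nowait  root     /usr/libexec/ftpd     ftpd -l
telnet   stream  tcp  nowait  root     /usr/libexec/telnetd  telnetd
#comsat  dgram   udp  wait    tty:tty  /usr/libexec/comsat   comsat
"""

SOCK_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}

def parse_entry(line):
    """Return (enabled, fields) for a service line, None for prose or blanks."""
    body = line.strip()
    enabled = not body.startswith("#")
    fields = body.lstrip("#").split()
    # A service entry has at least six fields: name, socket type, protocol,
    # wait/nowait, user, program. Anything else is an ordinary comment.
    if len(fields) < 6 or fields[1] not in SOCK_TYPES:
        return None
    if not re.match(r"(no)?wait\b", fields[3]):
        return None
    return enabled, fields

def list_services(text):
    """Map (service, protocol) -> enabled: the checklist's initial state."""
    state = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            enabled, fields = entry
            state[(fields[0], fields[2])] = enabled
    return state

def apply_selection(text, wanted):
    """Uncomment entries whose (service, protocol) is in wanted; comment out the rest."""
    out = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            out.append(line)          # prose comments and blanks pass through
            continue
        _, fields = entry
        bare = line.strip().lstrip("#").lstrip()
        out.append(bare if (fields[0], fields[2]) in wanted else "#" + bare)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(apply_selection(SAMPLE, {("ftp", "tcp")}))
```

Entries are keyed by service and protocol because a service can be listed once per protocol, and everything not explicitly selected ends up commented out, which matches the conservative default discussed in the thread.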