Date:      Mon, 28 Jun 1999 11:03:17 +0200
From:      Sheldon Hearn <sheldonh@uunet.co.za>
To:        Doug <Studded@gorean.org>
Cc:        current@freebsd.org
Subject:   Re: HEADS UP! Inetd wrapping OFF by default 
Message-ID:  <83735.930560597@axl.noc.iafrica.com>
In-Reply-To: Your message of "Sun, 27 Jun 1999 18:37:51 MST." <3776D1EF.D4D4021E@gorean.org> 



On Sun, 27 Jun 1999 18:37:51 MST, Doug wrote:

>       This is going to sound like I'm attacking Sheldon, but I'm not
> since he's already stated that he got approval for this change from
> Jordan.

Jordan will be the first to admit that he's been wrong before and I have
a thick skin.

>       First, the setting in /etc/defaults/rc.conf should default to
> off, as defaulting it to on violates POLA for the many many people who
> haven't updated to 3.x from 2.2 yet.

If we were integrating TCP Wrapper support into the base system for the
very first time, I'd agree with you. However, we've already had a
release go out with an inetd that wrapped by default.

This is a situation in which we can't make _everyone_ happy. For the
particular case you've provided, anyone who upgrades from 2.2 to 3.3
without reading the release notes will get what's coming to him.

> Also, if the decision is made to leave it on by default, there should
> be a hosts.allow file installed by default that has nothing but "ALL :
> ALL" in it.

We already have a hosts.allow that effectively allows everything.

>       Second, this command line switch is horrible UI design for
> several reasons.  First, any command line option that requires that
> the same flag be applied twice is bad design, historical precedents
> aside.

That's an unfortunately timed revelation for me. I feel like I've seen
it in a number of programs, although the only one I can remember is
ftpd(8). I used that program as a reference, not knowing that it was bad
design. :-(

> Second, what if I want to wrap my internal services, but not wrap my
> external ones?

Then you want something that the guys working on the code, who use inetd
quite a lot, didn't think of. They probably made the assumption that
real-world scenarios like that don't exist.

>       I propose that the -w flag be changed to take parameters. To
> start with, you would have [-w <[e] [i]>] to control wrapping for
> external and internal services respectively.

This makes my skin crawl, but that's probably just because I know what
the code looks like. :-)

Ciao,
Sheldon.

