Date: Thu, 11 Sep 1997 00:03:44 +0200 (CEST) From: torstenb@onizuka.tb.9715.org (Torsten Blum) To: mark@grondar.za (Mark Murray) Cc: andreas@klemm.gtn.com, ports@freebsd.org Subject: Re: Major bogon in tcp_wrappers port. Message-ID: <m0x8urQ-0006haC@onizuka.tb.9715.org> In-Reply-To: <199709101631.SAA00382@greenpeace.grondar.za> from Mark Murray at "Sep 10, 97 06:31:11 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Murray wrote:
> > You're right, I'd vote for it as well.
> > On the other hand ... how much overhead does it bring ?
>
> Not much. Physically, the files are not big. They do not take
> much time to compile. They _do_ add some latency to your daemon's
> startup, except in the case where the app is linked against libwrap.
>
> (Sendmail has such hooks, so does ssh (and I believe cvsupd as well?))
Uh, I tought this was a joke...
Why should we move tcpwrapper to the base system ? I can't see an
advantage here.
tcpd is an easy "plug in" and one of it's "advantages" is that you just
have to change inetd.conf - no compile-time changes.
It's harder to configure hosts.{allow,deny} then changing inetd.conf.
> > Every time when an inetd related service is being started,
> > the (of course small) tcpd program has to be executed.
>
> Sure. You can configure your system suchg that the wrappers are not
> used, if you prefer.
Aeh, that's why we have the ports tree. If something is really optional
and you just have to change a config file why should it be moved to
the base system ?
> > And ... which inetd related server programs do we want to
> > protect, only some or all ?
>
> Negotiable. I kinda like the idea if two files - inetd.conf.dist and
> inetd.conf.wrap.dist, and some install option to choose one.
We don't need to have tcpwrapper in the base system to provide an
example config file.
confused
-tb
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m0x8urQ-0006haC>