From owner-freebsd-security  Tue Feb 13  6: 7:11 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.gmx.net (mail.gmx.net [194.221.183.20])
	by hub.freebsd.org (Postfix) with SMTP id 5220F37B4EC
	for <freebsd-security@FreeBSD.ORG>; Tue, 13 Feb 2001 06:07:08 -0800 (PST)
Received: (qmail 10931 invoked by uid 0); 13 Feb 2001 14:07:06 -0000
Received: from pop-zh-18-2-dialup-160.freesurf.ch (HELO blaaa.gmx.net) (194.230.220.160)
  by mail.gmx.net (mp006-rz3) with SMTP; 13 Feb 2001 14:07:06 -0000
Message-Id: <5.0.2.1.2.20010213150150.009f0620@mail.gmx.net>
X-Sender: 627573@mail.gmx.net
X-Mailer: QUALCOMM Windows Eudora Version 5.0.2
Date: Tue, 13 Feb 2001 15:07:00 +0100
To: Neil Blakey-Milner <nbm@mithrandr.moria.org>
From: turbo23 <turbo23@gmx.net>
Subject: Re: Secure Servers (SMTP, POP3, FTP)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <20010213155212.A70601@rapier.smartspace.co.za>
References: <5.0.2.1.2.20010213144216.00a80210@mail.gmx.net>
 <xzpelx2zp8h.fsf@flood.ping.uio.no>
 <Pine.BSF.4.10.10102132032160.51860-100000@cache.bi.itb.ac. id>
 <5.0.2.1.2.20010213144216.00a80210@mail.gmx.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


> > >or maybe you like to run ftpd with tcp-server, from mr. djb.
> > >small, fast and easy to configure.
> >
> > You can also run ftpd with xinetd. It can also handle maximum number of
> > connections. IMHO it isn't as fast as Bernsteins tcp-server but it's more
> > secure than inetd.
>
>I'm not aware of any security issues in FreeBSD's inetd that involve it
>running an external (ie, exec) service.  Care for pointers?
>
>19 June 2000, xinetd had the following bug:
>
>     Certain versions of xinetd have a bug in the access control
>     mechanism. If you use a hostname to control access to a service
>     (localhost instead of 127.0.0.1 ), xinetd will allow any connection
>     from hosts that fail a reverse look-up.
>
>Perhaps you mean inetd's on other systems (like those that don't have
>connection limits, and those that turn services off for 10 minutes
>without configurability on the amount of time turned off)?

You're right. But we had troubles with some inetd and Linux machines. I 
thought this could be a problem with freebsd too. But I was wrong. Anwyway 
we are using tcpserver at the moment.

regards
Thomas



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message