Date: Tue, 13 Feb 2001 07:24:15 -0800 From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> To: turbo23 <turbo23@gmx.net> Cc: Neil Blakey-Milner <nbm@mithrandr.moria.org>, freebsd-security@FreeBSD.ORG Subject: Re: Secure Servers (SMTP, POP3, FTP) Message-ID: <200102131524.f1DFOU814381@cwsys.cwsent.com> In-Reply-To: Your message of "Tue, 13 Feb 2001 15:07:00 %2B0100." <5.0.2.1.2.20010213150150.009f0620@mail.gmx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <5.0.2.1.2.20010213150150.009f0620@mail.gmx.net>, turbo23 writes: > > > > >or maybe you like to run ftpd with tcp-server, from mr. djb. > > > >small, fast and easy to configure. > > > > > > You can also run ftpd with xinetd. It can also handle maximum number of > > > connections. IMHO it isn't as fast as Bernsteins tcp-server but it's more > > > secure than inetd. > > > >I'm not aware of any security issues in FreeBSD's inetd that involve it > >running an external (ie, exec) service. Care for pointers? > > > >19 June 2000, xinetd had the following bug: > > > > Certain versions of xinetd have a bug in the access control > > mechanism. If you use a hostname to control access to a service > > (localhost instead of 127.0.0.1 ), xinetd will allow any connection > > from hosts that fail a reverse look-up. > > > >Perhaps you mean inetd's on other systems (like those that don't have > >connection limits, and those that turn services off for 10 minutes > >without configurability on the amount of time turned off)? > > You're right. But we had troubles with some inetd and Linux machines. I > thought this could be a problem with freebsd too. But I was wrong. Anwyway > we are using tcpserver at the moment. You can't make the assumption that just because Linux has a bug that FreeBSD would as well. In my experience, the quality of code coming out of the FreeBSD project is much better than any Linux distribution I've had to work with. Take for example the latest Vixie cron bug. Both Linux and FreeBSD use Vixie cron. FreeBSD's version of Vixie cron has been substantially modified and fixed, while Linux continues to use the original Vixie cron with most of its bugs. Another good example are the various man command security bugs in Linux which are not in FreeBSD. Few bugs discovered on Linux affect FreeBSD. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102131524.f1DFOU814381>