Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 13 Feb 2001 07:24:15 -0800
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        turbo23 <turbo23@gmx.net>
Cc:        Neil Blakey-Milner <nbm@mithrandr.moria.org>, freebsd-security@FreeBSD.ORG
Subject:   Re: Secure Servers (SMTP, POP3, FTP) 
Message-ID:  <200102131524.f1DFOU814381@cwsys.cwsent.com>
In-Reply-To: Your message of "Tue, 13 Feb 2001 15:07:00 %2B0100." <5.0.2.1.2.20010213150150.009f0620@mail.gmx.net> 

next in thread | previous in thread | raw e-mail | index | archive | help
In message <5.0.2.1.2.20010213150150.009f0620@mail.gmx.net>, turbo23 
writes:
> 
> > > >or maybe you like to run ftpd with tcp-server, from mr. djb.
> > > >small, fast and easy to configure.
> > >
> > > You can also run ftpd with xinetd. It can also handle maximum number of
> > > connections. IMHO it isn't as fast as Bernsteins tcp-server but it's more
> > > secure than inetd.
> >
> >I'm not aware of any security issues in FreeBSD's inetd that involve it
> >running an external (ie, exec) service.  Care for pointers?
> >
> >19 June 2000, xinetd had the following bug:
> >
> >     Certain versions of xinetd have a bug in the access control
> >     mechanism. If you use a hostname to control access to a service
> >     (localhost instead of 127.0.0.1 ), xinetd will allow any connection
> >     from hosts that fail a reverse look-up.
> >
> >Perhaps you mean inetd's on other systems (like those that don't have
> >connection limits, and those that turn services off for 10 minutes
> >without configurability on the amount of time turned off)?
> 
> You're right. But we had troubles with some inetd and Linux machines. I 
> thought this could be a problem with freebsd too. But I was wrong. Anwyway 
> we are using tcpserver at the moment.

You can't make the assumption that just because Linux has a bug that 
FreeBSD would as well.  In my experience, the quality of code coming 
out of the FreeBSD project is much better than any Linux distribution 
I've had to work with.  Take for example the latest Vixie cron bug.  
Both Linux and FreeBSD use Vixie cron.  FreeBSD's version of Vixie cron 
has been substantially modified and fixed, while Linux continues to use 
the original Vixie cron with most of its bugs.

Another good example are the various man command security bugs in Linux 
which are not in FreeBSD.

Few bugs discovered on Linux affect FreeBSD.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102131524.f1DFOU814381>