From: Cy Schubert - ITSD Open Systems Group
To: turbo23
Cc: Neil Blakey-Milner, freebsd-security@FreeBSD.ORG
Subject: Re: Secure Servers (SMTP, POP3, FTP)
In-reply-to: Your message of "Tue, 13 Feb 2001 15:07:00 +0100." <5.0.2.1.2.20010213150150.009f0620@mail.gmx.net>
Message-Id: <200102131524.f1DFOU814381@cwsys.cwsent.com>
Date: Tue, 13 Feb 2001 07:24:15 -0800

In message <5.0.2.1.2.20010213150150.009f0620@mail.gmx.net>, turbo23 writes:
>
> > > >or maybe you like to run ftpd with tcp-server, from mr. djb.
> > > >small, fast and easy to configure.
> > >
> > > You can also run ftpd with xinetd. It can also handle maximum number of
> > > connections. IMHO it isn't as fast as Bernstein's tcp-server but it's more
> > > secure than inetd.
> >
> >I'm not aware of any security issues in FreeBSD's inetd that involve it
> >running an external (ie, exec) service. Care for pointers?
> >
> >19 June 2000, xinetd had the following bug:
> >
> >  Certain versions of xinetd have a bug in the access control
> >  mechanism. If you use a hostname to control access to a service
> >  (localhost instead of 127.0.0.1), xinetd will allow any connection
> >  from hosts that fail a reverse look-up.
> >
> >Perhaps you mean inetd's on other systems (like those that don't have
> >connection limits, and those that turn services off for 10 minutes
> >without configurability on the amount of time turned off)?
>
> You're right. But we had troubles with some inetd and Linux machines. I
> thought this could be a problem with freebsd too. But I was wrong. Anyway
> we are using tcpserver at the moment.

You can't make the assumption that just because Linux has a bug that
FreeBSD would as well. In my experience, the quality of code coming out
of the FreeBSD project is much better than any Linux distribution I've
had to work with. Take for example the latest Vixie cron bug. Both Linux
and FreeBSD use Vixie cron. FreeBSD's version of Vixie cron has been
substantially modified and fixed, while Linux continues to use the
original Vixie cron with most of its bugs. Another good example are the
various man command security bugs in Linux which are not in FreeBSD.
Few bugs discovered on Linux affect FreeBSD.

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
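
The xinetd access-control bug quoted in this thread, modelled as an added example; it is not part of the original message and is not xinetd's code. The lookup tables, addresses and function names are constructed for illustration, and the forward-confirmation step in the hardened check goes beyond what the quoted bug report describes.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for DNS so the example runs offline.
 * 203.0.113.9 is deliberately absent: its reverse look-up fails. */
struct rr { const char *ip, *name; };
static const struct rr ptr_tab[] = {      /* reverse: address -> name */
    { "127.0.0.1",    "localhost" },
    { "192.0.2.10",   "mail.example.org" },
    { "198.51.100.7", "localhost" },      /* PTR not confirmed by forward DNS */
};
static const struct rr a_tab[] = {        /* forward: name -> address */
    { "127.0.0.1",  "localhost" },
    { "192.0.2.10", "mail.example.org" },
};

static const char *reverse_lookup(const char *ip) {
    for (size_t i = 0; i < sizeof ptr_tab / sizeof ptr_tab[0]; i++)
        if (strcmp(ptr_tab[i].ip, ip) == 0) return ptr_tab[i].name;
    return NULL;                          /* look-up failed */
}

static int forward_confirms(const char *name, const char *ip) {
    for (size_t i = 0; i < sizeof a_tab / sizeof a_tab[0]; i++)
        if (strcmp(a_tab[i].name, name) == 0 && strcmp(a_tab[i].ip, ip) == 0)
            return 1;
    return 0;
}

/* Models the reported behaviour: a failed reverse look-up passes the rule. */
int allow_fail_open(const char *rule_host, const char *peer_ip) {
    const char *name = reverse_lookup(peer_ip);
    if (name == NULL) return 1;           /* the flaw: no name, still allowed */
    return strcmp(name, rule_host) == 0;
}

/* Hardened: deny on look-up failure, and trust a name only if it resolves
 * back to the peer address. */
int allow_fail_closed(const char *rule_host, const char *peer_ip) {
    const char *name = reverse_lookup(peer_ip);
    if (name == NULL) return 0;
    if (strcmp(name, rule_host) != 0) return 0;
    return forward_confirms(name, peer_ip);
}

/* Literal-address rule (127.0.0.1 instead of localhost): no DNS to fail. */
int allow_by_address(const char *rule_ip, const char *peer_ip) {
    return strcmp(rule_ip, peer_ip) == 0;
}
```

With a rule of `localhost`, the fail-open check admits 203.0.113.9 because it has no reverse record, while the fail-closed and literal-address checks both refuse it.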