From owner-freebsd-security Tue Feb 13 9: 4:57 2001
Message-Id: <5.0.2.1.2.20010213174457.009f70b0@mail.gmx.net>
Date: Tue, 13 Feb 2001 18:02:42 +0100
To: Cy Schubert - ITSD Open Systems Group
From: turbo23
Subject: Re: Secure Servers (SMTP, POP3, FTP)
Cc: freebsd-security@freebsd.org
In-Reply-To: <200102131524.f1DFOU814381@cwsys.cwsent.com>

> > >I'm not aware of any security issues in FreeBSD's inetd that involve it
> > >running an external (ie, exec) service. Care for pointers?
> > >
> > >19 June 2000, xinetd had the following bug:
> > >
> > >    Certain versions of xinetd have a bug in the access control
> > >    mechanism. If you use a hostname to control access to a service
> > >    (localhost instead of 127.0.0.1), xinetd will allow any connection
> > >    from hosts that fail a reverse look-up.
> > >
> > >Perhaps you mean inetd's on other systems (like those that don't have
> > >connection limits, and those that turn services off for 10 minutes
> > >without configurability on the amount of time turned off)?
> >
> > You're right. But we had troubles with some inetd and Linux machines. I
> > thought this could be a problem with freebsd too. But I was wrong. Anyway
> > we are using tcpserver at the moment.
>
>You can't make the assumption that just because Linux has a bug that
>FreeBSD would as well. In my experience, the quality of code coming
>out of the FreeBSD project is much better than any Linux distribution
>I've had to work with. Take for example the latest Vixie cron bug.
>Both Linux and FreeBSD use Vixie cron. FreeBSD's version of Vixie cron
>has been substantially modified and fixed, while Linux continues to use
>the original Vixie cron with most of its bugs.
>
>Another good example are the various man command security bugs in Linux
>which are not in FreeBSD.
>
>Few bugs discovered on Linux affect FreeBSD.

OK, that's right. But of course there are examples of the opposite as well.
I didn't know about the xinetd bug. But I still think that xinetd is a good
alternative to inetd. It has some good features but it isn't necessarily for
the FreeBSD inetd.

regards

Thomas

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
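
The access-control behaviour quoted in this message, modelled as an added example (not part of the original post and not xinetd's code): a hostname rule that fails open when the reverse look-up fails, beside a fail-closed check and an address-based rule. It goes one step beyond the quoted report by also forward-confirming the name. All function names and the resolver tables are hypothetical, constructed so the example runs offline.

```python
import ipaddress

# Constructed resolver data (documentation address ranges); no network access.
PTR = {"127.0.0.1": "localhost", "192.0.2.10": "localhost"}  # 2nd PTR is a false claim
A = {"localhost": {"127.0.0.1"}}

def reverse_lookup(ip):
    return PTR.get(ip)  # None models a failed reverse look-up

def forward_lookup(name):
    return A.get(name, set())

def allow_fail_open(ip, allowed_names):
    """Models the reported behaviour: no name to compare means no rule enforced."""
    name = reverse_lookup(ip)
    if name is None:
        return True  # the defect: a failed look-up is treated as a match
    return name in allowed_names

def allow_fail_closed(ip, allowed_names):
    """Deny on look-up failure, then confirm the name resolves back to the peer."""
    name = reverse_lookup(ip)
    if name is None or name not in allowed_names:
        return False
    return ip in forward_lookup(name)  # forward-confirmed reverse DNS

def allow_by_address(ip, allowed_nets):
    """Address rule (127.0.0.1 rather than localhost): DNS is not consulted."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in allowed_nets)

def evaluate(peers, names=("localhost",), nets=("127.0.0.0/8",)):
    """Return {peer: (fail_open, fail_closed, by_address)} for each peer address."""
    return {
        ip: (
            allow_fail_open(ip, names),
            allow_fail_closed(ip, names),
            allow_by_address(ip, nets),
        )
        for ip in peers
    }

if __name__ == "__main__":
    # Constructed peers: local, one with no PTR record, one with a false PTR.
    for ip, verdicts in evaluate(["127.0.0.1", "198.51.100.7", "192.0.2.10"]).items():
        print(ip, dict(zip(("fail_open", "fail_closed", "by_address"), verdicts)))
```

Only the fail-open check admits the peer with no PTR record; the address rule and the forward-confirmed check both reject it and the peer whose PTR record falsely claims the allowed name.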