Date: Tue, 13 Feb 2001 18:02:42 +0100 From: turbo23 <turbo23@gmx.net> To: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca> Cc: freebsd-security@freebsd.org Subject: Re: Secure Servers (SMTP, POP3, FTP) Message-ID: <5.0.2.1.2.20010213174457.009f70b0@mail.gmx.net> In-Reply-To: <200102131524.f1DFOU814381@cwsys.cwsent.com> References: <Your message of "Tue, 13 Feb 2001 15:07:00 %2B0100." <5.0.2.1.2.20010213150150.009f0620@mail.gmx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> > >I'm not aware of any security issues in FreeBSD's inetd that involve it > > >running an external (ie, exec) service. Care for pointers? > > > > > >19 June 2000, xinetd had the following bug: > > > > > > Certain versions of xinetd have a bug in the access control > > > mechanism. If you use a hostname to control access to a service > > > (localhost instead of 127.0.0.1 ), xinetd will allow any connection > > > from hosts that fail a reverse look-up. > > > > > >Perhaps you mean inetd's on other systems (like those that don't have > > >connection limits, and those that turn services off for 10 minutes > > >without configurability on the amount of time turned off)? > > > > You're right. But we had troubles with some inetd and Linux machines. I > > thought this could be a problem with freebsd too. But I was wrong. Anwyway > > we are using tcpserver at the moment. > >You can't make the assumption that just because Linux has a bug that >FreeBSD would as well. In my experience, the quality of code coming >out of the FreeBSD project is much better than any Linux distribution >I've had to work with. Take for example the latest Vixie cron bug. >Both Linux and FreeBSD use Vixie cron. FreeBSD's version of Vixie cron >has been substantially modified and fixed, while Linux continues to use >the original Vixie cron with most of its bugs. > >Another good example are the various man command security bugs in Linux >which are not in FreeBSD. > >Few bugs discovered on Linux affect FreeBSD. Ok that's right. But of course there are examples for the opposite as well. I didn't know the xinetd bug. But I still think that xinetd is a good alternative for inetd. Its has some good features but it isn't necessarily for the Freebsd inetd. regards Thomas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.0.2.1.2.20010213174457.009f70b0>