Date:      Tue, 13 Feb 2001 12:07:22 -0800
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        turbo23 <turbo23@gmx.net>
Cc:        Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, freebsd-security@FreeBSD.ORG
Subject:   Re: Secure Servers (SMTP, POP3, FTP) 
Message-ID:  <200102132007.f1DK7fZ15502@cwsys.cwsent.com>
In-Reply-To: Your message of "Tue, 13 Feb 2001 18:02:42 +0100." <5.0.2.1.2.20010213174457.009f70b0@mail.gmx.net>

In message <5.0.2.1.2.20010213174457.009f70b0@mail.gmx.net>, turbo23 
writes:
> 
> > > >I'm not aware of any security issues in FreeBSD's inetd that involve it
> > > >running an external (ie, exec) service.  Care for pointers?
> > > >
> > > >19 June 2000, xinetd had the following bug:
> > > >
> > > >     Certain versions of xinetd have a bug in the access control
> > > >     mechanism. If you use a hostname to control access to a service
> > > >     (localhost instead of 127.0.0.1 ), xinetd will allow any connection
> > > >     from hosts that fail a reverse look-up.
> > > >
> > > >Perhaps you mean inetd's on other systems (like those that don't have
> > > >connection limits, and those that turn services off for 10 minutes
> > > >without configurability on the amount of time turned off)?
> > >
> > > You're right. But we had troubles with some inetd and Linux machines. I
> > > > thought this could be a problem with FreeBSD too. But I was wrong. Anyway
> > > > we are using tcpserver at the moment.
> >
> >You can't make the assumption that just because Linux has a bug that
> >FreeBSD would as well.  In my experience, the quality of code coming
> >out of the FreeBSD project is much better than any Linux distribution
> >I've had to work with.  Take for example the latest Vixie cron bug.
> >Both Linux and FreeBSD use Vixie cron.  FreeBSD's version of Vixie cron
> >has been substantially modified and fixed, while Linux continues to use
> >the original Vixie cron with most of its bugs.
> >
> >Another good example are the various man command security bugs in Linux
> >which are not in FreeBSD.
> >
> >Few bugs discovered on Linux affect FreeBSD.
> 
> 
> Ok that's right. But of course there are examples for the opposite as well. 
> I didn't know the xinetd bug. But I still think that xinetd is a good 
> alternative for inetd. It has some good features but it isn't necessarily 
> for the FreeBSD inetd.

Not as many examples however.

Comparing xinetd to Linux and vendor inetd, I agree, however the 
enhancements made to FreeBSD inetd bring our inetd into the same 
league as xinetd.  I do think that xinetd's configuration file format 
is more cumbersome than inetd's.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC




