From: Cy Schubert - ITSD Open Systems Group
To: turbo23
Cc: Cy Schubert - ITSD Open Systems Group, freebsd-security@FreeBSD.ORG
Subject: Re: Secure Servers (SMTP, POP3, FTP)
Date: Tue, 13 Feb 2001 12:07:22 -0800
Message-Id: <200102132007.f1DK7fZ15502@cwsys.cwsent.com>
In-reply-to: Your message of "Tue, 13 Feb 2001 18:02:42 +0100." <5.0.2.1.2.20010213174457.009f70b0@mail.gmx.net>

In message <5.0.2.1.2.20010213174457.009f70b0@mail.gmx.net>, turbo23 writes:
> > > >I'm not aware of any security issues in FreeBSD's inetd that involve it
> > > >running an external (ie, exec) service.  Care for pointers?
> > > >
> > > >19 June 2000, xinetd had the following bug:
> > > >
> > > >    Certain versions of xinetd have a bug in the access control
> > > >    mechanism. If you use a hostname to control access to a service
> > > >    (localhost instead of 127.0.0.1), xinetd will allow any connection
> > > >    from hosts that fail a reverse look-up.
> > > >
> > > >Perhaps you mean inetd's on other systems (like those that don't have
> > > >connection limits, and those that turn services off for 10 minutes
> > > >without configurability on the amount of time turned off)?
> > >
> > > You're right. But we had troubles with some inetd and Linux machines. I
> > > thought this could be a problem with FreeBSD too. But I was wrong. Anyway
> > > we are using tcpserver at the moment.
> >
> >You can't make the assumption that just because Linux has a bug that
> >FreeBSD would as well.  In my experience, the quality of code coming
> >out of the FreeBSD project is much better than any Linux distribution
> >I've had to work with.  Take for example the latest Vixie cron bug.
> >Both Linux and FreeBSD use Vixie cron.  FreeBSD's version of Vixie cron
> >has been substantially modified and fixed, while Linux continues to use
> >the original Vixie cron with most of its bugs.
> >
> >Another good example are the various man command security bugs in Linux
> >which are not in FreeBSD.
> >
> >Few bugs discovered on Linux affect FreeBSD.
>
> Ok that's right. But of course there are examples for the opposite as well.
> I didn't know the xinetd bug. But I still think that xinetd is a good
> alternative for inetd. It has some good features but it isn't necessarily
> for the FreeBSD inetd.

Not as many examples, however.

Comparing xinetd to Linux and vendor inetd, I agree; however, the
enhancements made to FreeBSD inetd bring our inetd into the same league
as xinetd.  I do think that xinetd's configuration file format is more
cumbersome than inetd's.

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
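
Added example, not part of the original message and not xinetd's or inetd's code: a small model of the hostname-based access check described in the quoted xinetd bug report, next to a version that denies when the reverse lookup fails. The lookup tables, addresses and function names are constructed for illustration, and the forward-confirmation step goes slightly beyond what the report describes.

```python
# Constructed lookup data standing in for DNS (documentation address ranges).
PTR = {  # address -> name returned by a reverse lookup
    "127.0.0.1": "localhost",
    "192.0.2.10": "mail.example.org",
    "198.51.100.9": "localhost",  # reverse record the forward data does not confirm
}
A = {  # name -> addresses returned by a forward lookup
    "localhost": {"127.0.0.1"},
    "mail.example.org": {"192.0.2.10"},
}

def reverse_lookup(ip):
    """Return the name for ip, or None when the reverse lookup fails."""
    return PTR.get(ip)

def allowed_fail_open(ip, allowed_names):
    """Behaviour described in the bug report: a failed lookup is let through."""
    name = reverse_lookup(ip)
    if name is None:
        return True  # flaw: no name to compare, so the client is accepted
    return name in allowed_names

def allowed_fail_closed(ip, allowed_names):
    """Hardened check: deny on lookup failure, and require the name to
    resolve back to the connecting address before trusting it."""
    name = reverse_lookup(ip)
    if name is None or name not in allowed_names:
        return False
    return ip in A.get(name, set())

def allowed_by_address(ip, allowed_addrs):
    """Rule written with literal addresses: no resolver is consulted."""
    return ip in allowed_addrs

def compare(clients, allowed_names):
    """Map each client address to its (fail_open, fail_closed) decision."""
    return {ip: (allowed_fail_open(ip, allowed_names),
                 allowed_fail_closed(ip, allowed_names)) for ip in clients}

if __name__ == "__main__":
    # 203.0.113.5 has no reverse record in the constructed data.
    clients = ["127.0.0.1", "203.0.113.5", "198.51.100.9", "192.0.2.10"]
    for ip, (fo, fc) in compare(clients, {"localhost"}).items():
        print(f"{ip:15} fail-open={fo!s:5} fail-closed={fc}")
```

Writing the rule with 127.0.0.1 rather than localhost, as the report's parenthetical suggests, takes the resolver out of the decision entirely, which is what `allowed_by_address` models.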