From: dick hoogendijk
Date: Sat, 13 May 2006 12:24:46 +0200
To: freebsd-questions
Subject: Re: Pros and Cons of running under inetd....
Message-ID: <20060513102445.GA33270@arwen.nagual.st>
In-Reply-To: <44652BFA.6000002@computer.org>

On 12 May Eric Schuele wrote:
> Derek Ragona wrote:
> >Yes it is still true today. The default system now has inetd running
> >nothing. And the ports now install rc scripts for these reasons.
>
> Not arguing here... everything I've found on the web says something
> similar.
>
> But why do we have inetd? I assume it solved a problem in the past,
> that no longer exists. Not to mention its spotted security history.
>
> >For network daemons, when they are running in a listen mode there is
> >no real overhead on the system.

OK, I run inetd for just these two services:

#
# FAM: File Alteration Monitor [devel/fam]
sgi_fam/1-2     stream  rpc/tcp wait    root    /usr/local/bin/fam      fam
#
# an appropriate block rule to your pf.conf
#
ftp-proxy       stream  tcp     nowait  root    /usr/libexec/ftp-proxy  ftp-proxy

If inetd is a security risk, how can I change these things to work without
inetd? As I understand there is no other way, but I'm very keen on
learning ;-)

--
dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 6.1 ++ The Power to Serve