Date: Wed, 18 Nov 1998 10:56:09 -0800 (PST) From: Christopher Nielsen <enkhyl@scient.com> To: Garance A Drosihn <drosih@rpi.edu> Cc: William McVey <wam@sa.fedex.com>, freebsd-security@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? & sendmail changes in OpenBSD 2.4 Message-ID: <Pine.BSF.4.05.9811181053450.413-100000@ender.sf.scient.com> In-Reply-To: <v0401170fb2779962d724@[128.113.24.47]>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 17 Nov 1998, Garance A Drosihn wrote: > At 2:14 PM -0600 11/17/98, William McVey wrote: > >Cliff Skolnick wrote: > >> I am more concerned about stand alone daemons like sendmail, > >> syslog, apache, etc. > > > > Most of these services could easily be modified to start from > > inetd as wait services. Basically, inetd does the port binding, > > setuid-ing, and execing, just like it always does. As I've > > mentioned before, sendmail can definitely run in this manner. > > So could most web servers. > > Seems to me the performance implications for web serving is > not very attractive. In my case I just go with a minimalist > web server (not apache, I think the name is just "thtppd") > to reduce the security exposure. (well, it reduces the > feature set too, of course, but I don't need the missing > features). Using 'wait' eliminates the performance problem, since inetd essentially hands the socket over to the daemon and won't listen for new connections until it exits. -- Christopher Nielsen Scient: The eBusiness Systems Innovator <http://www.scient.com>; cnielsen@scient.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9811181053450.413-100000>