Date:      Sat, 30 Sep 2000 17:23:24 +0200
From:      Neil Blakey-Milner <nbm@mithrandr.moria.org>
To:        Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc:        Adam Laurie <adam@algroup.co.uk>, security@FreeBSD.ORG
Subject:   Re: inetd sucks? (Re: cvs commit: ports/mail/pine4 Makefile (fwd))
Message-ID:  <20000930172324.A15827@mithrandr.moria.org>
In-Reply-To: <200009301459.e8UEx1r64844@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Sat, Sep 30, 2000 at 07:58:02AM -0700
References:  <20000930161933.A15519@mithrandr.moria.org> <200009301459.e8UEx1r64844@cwsys.cwsent.com>

On Sat 2000-09-30 (07:58), Cy Schubert - ITSD Open Systems Group wrote:
> In message <20000930161933.A15519@mithrandr.moria.org>, Neil
> Blakey-Milner writes:
> > The problem here is that 'telnet' is the LCD, and with the really bad
> > way inetd is configured, it isn't easy to twiddle this bit from
> > sysinstall.  We ask about 'ftp' too, and it's sort-of expected to work.
> > The rest, in my opinion, can all be commented out.
> > 
> > The alternative (which I'm almost finished working on) is to use a
> > directory + file configuration structure (which I've subsequently found
> > out xinetd uses) which allows sysinstall and other scripts to twiddle
> > services with ease.
> 
> I assume you're going to make your work public, e.g. a port?  Will it 
> compile on Solaris, Tru64-UNIX, and Linux too?

I've currently built it into our inetd (as an _extra_ means of
configuration, not replacing the current).  It's a very easy-to-use and
easy-to-program thing to add, so if the other inetd's can't be bothered
to consider it, then that's their fault.

If you have to spend the time running around all the inconsistencies of
the other systems, the effort to consolidate your inetd.conf rules in
inetd.conf, and not the directory-based structure will be only a tiny
part.

("Linux" doesn't use just one inetd.  RedHat 7.0 uses xinetd by default,
which has something very much like this, or so I was told when I
discussed this with some local sysadmins and users.  I'll take this as
proof it's an advantage for a highly configurable system.)

> I've got an awk script that twiddles the bits in inetd.conf.  It's not 
> that difficult to do.  The nice thing about it is that it's 
> cross-platform.

As much as I feel comfortable running awk from the installer... oh,
wait, I'm not.  As I suggested to you last time - suggest that we make a
/usr/share/examples/inetd with example inetd.conf files in it, and your
awk script(s), so that it is included in the distribution.

Neil
-- 
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org
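
The kind of awk-based toggling of inetd.conf entries discussed in this message, as an added example that is not Cy Schubert's script or any code from the thread. The function names (`inetd_enabled`, `inetd_set`, `sample_conf`, `demo`) are hypothetical and the sample configuration is constructed; a prose comment is told apart from a disabled entry by requiring the service name directly after the `#` and a socket type in the second field.

```shell
#!/bin/sh
# Added example: enable or disable services in an inetd.conf-format file.
# Names and sample data are hypothetical/constructed, not from the thread.

SOCKTYPES='^(stream|dgram|raw|rdm|seqpacket)$'

# inetd_enabled FILE: print "service/proto" for every active entry.
inetd_enabled() {
    awk -v st="$SOCKTYPES" '!/^#/ && NF >= 6 && $2 ~ st { print $1 "/" $3 }' "$1"
}

# inetd_set SERVICE on|off FILE: write the edited config to stdout.
# Only real entries are touched; prose comments naming the service are kept.
inetd_set() {
    case "$2" in
        on|off) ;;
        *) echo "usage: inetd_set SERVICE on|off FILE" >&2; return 2 ;;
    esac
    awk -v svc="$1" -v want="$2" -v st="$SOCKTYPES" '
    {
        body = $0
        sub(/^#/, "", body)               # strip one leading "#", if present
        n = split(body, f, /[ \t]+/)
        if (n >= 6 && f[1] == svc && f[2] ~ st) {
            prefix = (want == "off") ? "#" : ""
            print prefix body             # same entry, with or without "#"
        } else {
            print $0                      # everything else passes through
        }
    }' "$3"
}

# Constructed sample in inetd.conf format (not taken from a real system).
sample_conf() {
    cat <<'EOF'
# Constructed sample configuration
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
#shell stream tcp nowait root /usr/libexec/rshd rshd
# telnet is mentioned here, but this is a prose comment
#ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
EOF
}

# demo: disable telnet in the sample and list what is still enabled.
demo() { sample_conf | inetd_set telnet off - | inetd_enabled -; }

if [ "${1:-}" = "demo" ]; then demo; fi
```

`inetd_set` writes to stdout so the result can be reviewed before it replaces the live file; inetd rereads its configuration on SIGHUP.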

