From owner-freebsd-security Sat Sep 30 8:23:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194]) by hub.freebsd.org (Postfix) with ESMTP id 5F88437B66C for ; Sat, 30 Sep 2000 08:23:37 -0700 (PDT)
Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1) id 13fOU0-000491-00; Sat, 30 Sep 2000 17:23:24 +0200
Date: Sat, 30 Sep 2000 17:23:24 +0200
From: Neil Blakey-Milner
To: Cy Schubert - ITSD Open Systems Group
Cc: Adam Laurie , security@FreeBSD.ORG
Subject: Re: inetd sucks? (Re: cvs commit: ports/mail/pine4 Makefile (fwd))
Message-ID: <20000930172324.A15827@mithrandr.moria.org>
References: <20000930161933.A15519@mithrandr.moria.org> <200009301459.e8UEx1r64844@cwsys.cwsent.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <200009301459.e8UEx1r64844@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Sat, Sep 30, 2000 at 07:58:02AM -0700
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat 2000-09-30 (07:58), Cy Schubert - ITSD Open Systems Group wrote:
> In message <20000930161933.A15519@mithrandr.moria.org>, Neil Blakey-Milner writes:
> > The problem here is that 'telnet' is the LCD, and with the really bad
> > way inetd is configured, it isn't easy to twiddle this bit from
> > sysinstall. We ask about 'ftp' too, and it's sort-of expected to work.
> > The rest, in my opinion, can all be commented out.
> >
> > The alternative (which I'm almost finished working on) is to use a
> > directory + file configuration structure (which I've subsequently found
> > out xinetd uses) which allows sysinstall and other scripts to twiddle
> > services with ease.
>
> I assume you're going to make your work public, e.g. a port? Will it
> compile on Solaris, Tru64-UNIX, and Linux too?

I've currently built it into our inetd (as an _extra_ means of
configuration, not replacing the current). It's a very easy-to-use and
easy-to-program thing to add, so if the other inetd's can't be bothered
to consider it, then that's their fault.

If you have to spend the time running around all the inconsistencies of
the other systems, the effort to consolidate your inetd.conf rules in
inetd.conf, and not the directory-based structure will be only a tiny
part.

("Linux" doesn't use just one inetd. RedHat 7.0 uses xinetd by default,
which has something very much like this, or so I was told when I
discussed this with some local sysadmin and users. I'll take this as
proof it's an advantage for a highly configurable system.)

> I've got an awk script that twiddles the bits in inetd.conf. It's not
> that difficult to do. The nice thing about it is that it's
> cross-platform.

As much as I feel comfortable running awk from the installer... oh,
wait, I'm not.

As I suggested to you last time - suggest that we make a
/usr/share/examples/inetd with example inetd.conf files in it, and your
awk script(s), so that it is included in the distribution.

Neil
--
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org
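
The "comment out everything but the expected services" idea from the thread, as an added example: it is not part of this message and is not the awk script mentioned above. It assumes the classic inetd.conf layout (service name in field 1, a leading '#' meaning disabled); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the classic inetd.conf layout: one service per line,
# service name in field 1, a leading '#' meaning "disabled".

# inetd_allow_only FILE [SERVICE...]
# Print FILE with every active service not named on the command line
# commented out. Comments and blank lines pass through unchanged, so
# already-disabled entries are never double-commented.
inetd_allow_only() {
    _conf=$1; shift
    awk -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        {
            svc = $1
            sub(/\/.*/, "", svc)        # RPC form "rstatd/1-3" -> "rstatd"
            if (svc in keep) print; else print "#" $0
        }' "$_conf"
}

# inetd_active FILE: list "service/protocol" for every line inetd would act on.
inetd_active() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 "/" $3 }' "$1"
}

# make_sample FILE: write a constructed inetd.conf for the demonstration.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real system's configuration
ftp        stream tcp     nowait root   /usr/libexec/ftpd       ftpd -l
telnet     stream tcp     nowait root   /usr/libexec/telnetd    telnetd
shell      stream tcp     nowait root   /usr/libexec/rshd       rshd
#finger    stream tcp     nowait nobody /usr/libexec/fingerd    fingerd -s
rstatd/1-3 dgram  rpc/udp wait   root   /usr/libexec/rpc.rstatd rpc.rstatd
EOF
}

# Demonstration: keep only ftp and telnet, write the result to stdout.
tmp=$(mktemp)
make_sample "$tmp"
inetd_allow_only "$tmp" ftp telnet
rm -f "$tmp"
```

Running `inetd_active` on the output before installing it shows exactly which services would still be listening.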