From owner-freebsd-security@FreeBSD.ORG Thu Sep 18 17:55:29 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9E0C116A4B3 for ; Thu, 18 Sep 2003 17:55:29 -0700 (PDT) Received: from mx2.nersc.gov (mx2.nersc.gov [128.55.6.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 48AF843FBD for ; Thu, 18 Sep 2003 17:55:28 -0700 (PDT) (envelope-from dart@nersc.gov) Received: from mx2.nersc.gov (localhost [127.0.0.1]) by localhost.nersc.gov (Postfix) with ESMTP id 8AFC077AC for ; Thu, 18 Sep 2003 17:55:27 -0700 (PDT) Received: from gemini.nersc.gov (gemini.nersc.gov [128.55.16.111]) by mx2.nersc.gov (Postfix) with ESMTP id 481D577A7 for ; Thu, 18 Sep 2003 17:55:27 -0700 (PDT) Received: from gemini.nersc.gov (localhost [127.0.0.1]) by gemini.nersc.gov (Postfix) with ESMTP id 35C4EF8EB for ; Thu, 18 Sep 2003 17:55:27 -0700 (PDT) X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4 To: freebsd-security@freebsd.org In-Reply-To: Message from Bruce M Simpson <20030919002833.GE2720@saboteur.dek.spc.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-525543528P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Thu, 18 Sep 2003 17:55:27 -0700 From: Eli Dart Message-Id: <20030919005527.35C4EF8EB@gemini.nersc.gov> Subject: Re: Questionable merits of inetd replacements X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Sep 2003 00:55:29 -0000 --==_Exmh_-525543528P Content-Type: text/plain; charset=us-ascii In reply to Bruce M Simpson : > [subject change] > > On Thu, Sep 18, 2003 at 01:27:49PM -0600, Scott Gerhardt wrote: > > Better Yet, what about using xinetd which is much more configurable and > > robust. I am surprised that FreeBSD's default installation still uses inetd > > instead of xinetd. > > FreeBSD's inetd offers features which are not present in xinetd, support > for IPSEC policy settings being one of them. I fail to see how using > xinetd would be an improvement -- pardon my ignorance if there are features > in xinetd which you feel would somehow benefit the user base enough to > justify a change. Note also that the statement that xinetd is "more robust" contradicts recent history. xinetd has had several problems recently, the latest of which was a DoS vulnerability caused by a memory leak. For something that is designed to protect services from DoS, xinetd just doesn't seem ready for prime time.... --eli > > If inetd is not suitable for your needs, consider installing the xinetd port, > or integrating it into your own OS engineering build. > > BMS > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" --==_Exmh_-525543528P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) Comment: Exmh version 2.5 07/13/2001 iD8DBQE/alP/LTFEeF+CsrMRAiH5AJwMaG9LA2NWYrVQk/ewXkldlB5nLQCfbxxU EaVUNnS/VzrEGksqhtpLv2o= =LyIw -----END PGP SIGNATURE----- --==_Exmh_-525543528P--