Date: Thu, 18 Sep 2003 18:07:10 -0700 (PDT)
From: Roger Marquis <marquis@roble.com>
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:12.openssh
Message-ID: <20030919010710.D0BA3DACBD@mx7.roble.com>
In-Reply-To: <20030918231811.GE527@silverwraith.com>
References: <20030918192135.744AADACAF@mx7.roble.com> <20030918231811.GE527@silverwraith.com>

> I don't want one service (ssh) being dependent on another service
> (inetd). This is bad system design.

Inetd was designed for processes exactly like ssh, processes that are not generating connections continuously like sendmail, apache, or named. Duplicating inetd's features increases the total code, increases its complexity, and reduces overall security.

Sshd doesn't need to know how to run as a daemon. That code is already in inetd. Sshd also doesn't need to duplicate the connection limiting, process limiting, and tcp_wrappers already built into inetd. This is why all modern unix systems have inetd or xinetd.

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
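
The setup this message argues for, sketched as an added example that is not part of the original e-mail: sshd started per connection by FreeBSD's inetd, with inetd doing the process limiting, connection limiting and tcp_wrappers checks. The limit values and the 192.0.2.0/24 management network are constructed for illustration.

```conf
# --- /etc/rc.conf ---
# Do not start the standalone sshd daemon; let inetd own port 22.
sshd_enable="NO"
inetd_enable="YES"
# -w / -W : apply tcp_wrappers (hosts.allow) to external / internal services
# -C 60   : default cap of 60 invocations per minute from a single IP
inetd_flags="-wW -C 60"

# --- /etc/inetd.conf ---
# Field 4 is {wait|nowait}[/max-child[/max-conn-per-ip-per-min[/max-child-per-ip]]]
#   10 : at most 10 sshd children at once           (process limiting)
#    5 : at most 5 new connections per minute per IP (connection limiting)
#    3 : at most 3 concurrent sshd children per IP
# "sshd -i" tells sshd it is being run from inetd, so it neither
# daemonizes nor listens on a socket itself. The numbers are example values.
ssh     stream  tcp     nowait/10/5/3   root    /usr/sbin/sshd  sshd -i -4

# --- /etc/hosts.allow ---
# First matching rule wins. Remove or move the stock "ALL : ALL : allow"
# line if it is still at the top of the file, or these rules never apply.
# 192.0.2.0/24 stands in for the management network (assumed).
sshd : 192.0.2.0/255.255.255.0 : allow
sshd : ALL : deny
```

After editing, restart inetd and confirm from a host outside the allowed range that the connection is refused and that the refusal is logged.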