Date: Wed, 1 Aug 2001 01:21:12 -0400 (EDT) From: Jeff Palmer <scorpio@drkshdw.org> To: Robert Watson <rwatson@FreeBSD.org> Cc: <stable@FreeBSD.org> Subject: Re: Patch to modify default inetd.conf, have sysinstall prompt to edit , inetd.conf Message-ID: <20010801010958.X9176-100000@jeff.isni.net> In-Reply-To: <Pine.NEB.3.96L.1010731233839.54921B-200000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Pardon my newbieness.. Doesn't the 4.x branch have a dialog box at install time asking you what security model you'd prefer.. if you select high security, 'inetd' itself is even disabed.. (Your own post showed the dialog) In my opinion, security is up to each individual administrator. They should enable and disable all services based on their own needs. I rarely see a machine with a competent admin, running a nearly 100% default install. Also, FreeBSD has been awesome at fixing security holes within minutes or hours (and in extreme cases, a day or two). So the likelyhood of any daemon being exploitable within the first 15 minutes of a fresh install are pretty much zero. Therefore, it doesn't matter what services are enabled/disabled in inetd.conf as most administrators edit that file within a few minutes of a default install anyway. The current model, you edit it to close some ports. in the model you suggest, you edit it to open some ports. Either way, it takes an entire 20 seconds (ok, 1 minute for the 'vi newbie') to edit the file and HUP inetd. I'd prefer to see people spending their time auditing the code, so we can be even more proactive about exploits and vulnerabilities than we currently are, rather than wasting time talking about services enabled in inetd. Just my two cents. Feel free to CC: me unless it's a flame. If it's a flame.. please add [FLAME] to the subject for the procmail filters. Jeff Palmer scorpio@drkshdw.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010801010958.X9176-100000>