Date: Tue, 26 Jan 1999 21:12:04 +0200 From: Mark Murray <mark@grondar.za> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: Andreas Klemm <andreas@klemm.gtn.com>, Nate Williams <nate@mt.sri.com>, Matthew Dillon <dillon@apollo.backplane.com>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: Small, useful tools (Was: Re: 'cpdup' program, and question) Message-ID: <199901261912.VAA50572@greenpeace.grondar.za> In-Reply-To: Your message of " Tue, 26 Jan 1999 19:46:36 %2B0100." <27224.917376396@critter.freebsd.dk> References: <27224.917376396@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Poul-Henning Kamp wrote: > >> Tcp_wrappers are small enough to bmake directly. Trivial job. > > > >I'd second this with respect to FreeBSD getting an entry > >in the ,hall of fames' of "Ultra secure" BSD's ;-) > > It is not a matter of size, or bmakability, it is simply a matter of > importing code which is maintained (better) elsewhere is a bad idea > in principle (ref: IPFILTER, xntpd, sendmail &c &c &c) If the software concerned is undergoing rapid development (such as Fetchmail did a year or two ago as an extreme case and Sendmail is now as a mild case), I'd agree with you vehemently. Tcp_wrappers are extremely stable, and have had nary an update for quite a while in spite of its popularity. I reckon having sendmail delivered OOTB with wrappers will assist the newbie sysadmin no end with securing against bombers and spammers, and likewise for inetd with similar support (disclaimer *). <datapoint> I would have loved to include a POP server in the to-be-bmaked list, except I have read too much recently about how unstable or stylisticaly bad the current options are. <MHO> Nevertheless, it would do our "features" list a good turn to have "POP server" on the "out of box" list. </MHO> </datapoint> Point taken. I'll add xntpd to my list of projects (meaning I'll get to it about 6 months :). TCP_wrappers I can do in an hour; I know, 'cos I did it before (I lost that when I was burgled). M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org * I fully recognise that tcp wrappers are susceptible to spoofing attacks. They are however extremely effective against the current crop of 5KR1PT K1DZ. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901261912.VAA50572>