From owner-freebsd-arch Mon Jun 26 9:47:25 2000 Delivered-To: freebsd-arch@freebsd.org Received: from zippy.osd.bsdi.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id A673337BAC2 for ; Mon, 26 Jun 2000 09:47:22 -0700 (PDT) (envelope-from jkh@zippy.osd.bsdi.com) Received: from localhost (jkh@localhost [127.0.0.1]) by zippy.osd.bsdi.com (8.9.3/8.9.3) with ESMTP id JAA02965; Mon, 26 Jun 2000 09:47:59 -0700 (PDT) (envelope-from jkh@zippy.osd.bsdi.com) To: Will Andrews Cc: arch@FreeBSD.ORG Subject: Re: Disabling inetd? In-reply-to: Your message of "Mon, 26 Jun 2000 05:35:25 EDT." <20000626053525.U85886@argon.gryphonsoft.com> Date: Mon, 26 Jun 2000 09:47:59 -0700 Message-ID: <2962.962038079@localhost> From: "Jordan K. Hubbard" Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > What are people's opinions about doing this? IMHO there is nothing in > inetd that is absolutely essential when someone installs FreeBSD on a > virgin system. Let's take a few things as examples. Telnet is an > insecure protocol and has been replaced for the most part by SSH. Then > there's FTP. How many people are going to run FTP servers on their > machines by default? Now talk daemon, auth server (for ident, typically > used with IRC), and finger. Not everyone really needs these. I think it's a fairly evil idea. People expect to be able to telnet into a box right after it's installed and they're not always on an insecure LAN which makes that a security issue. Even when it is an issue, our telnet supports SRA encryption now. If you want to really solve the problem, write a new "services dialog" for sysinstall which lets you select the things you'd like to have listening for connections at boot time and edit the prototype /etc/inetd.conf accordingly. ssh could also get an entry in that list, which would probably be far easier for people to find than its current position under Startup->Networking. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message