From owner-freebsd-security Mon Jan 22 23:31:44 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id XAA10277 for security-outgoing; Mon, 22 Jan 1996 23:31:44 -0800 (PST)
Received: from statler.csc.calpoly.edu (statler-srv.csc.calpoly.edu [129.65.241.4]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id XAA10267 for ; Mon, 22 Jan 1996 23:31:41 -0800 (PST)
Received: (from nlawson@localhost) by statler.csc.calpoly.edu (8.6.12/N8) id XAA10321; Mon, 22 Jan 1996 23:30:57 -0800
From: Nathan Lawson
Message-Id: <199601230730.XAA10321@statler.csc.calpoly.edu>
Subject: Re: Ownership of files/tcp_wrappers port
To: tom@uniserve.com (Tom Samplonius)
Date: Mon, 22 Jan 1996 23:30:56 -0800 (PST)
Cc: security@freebsd.org
In-Reply-To: from "Tom Samplonius" at Jan 22, 96 10:15:28 pm
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
Precedence: bulk

> On Mon, 22 Jan 1996, Nathan Lawson wrote:
>
> > Secondly, I was wondering why the tcp_wrappers distribution didn't make it
> > into the source tree instead of being a port. It's a pretty small program
> > that hasn't received too many changes recently. It's very worthwhile and
> > libwrap.a can be linked into portmap and ypserv a lot more easily (even
> > making this the default, perhaps).
>
> Personally, I've always considered xinetd to be the superior
> solution to the access control problem, since it doesn't incur the extra
> overhead of a fork+exec for every connection.

This is a good idea, but I'd still like the libwrap.a or an equivalent
library to link ypserv and portmap against by default. I think xinetd is a
bit too big and possibly buggy, whereas tcp_wrappers is a bit smaller, but
requires some fork overhead. I'd _prefer_ to see tcp_wrappers in the
standard dist, with xinetd as a port, but that is my opinion only.

Let's not have this distract us from my main point, which is that some kind
of access control (whether xinetd or tcp_wrappers) should be installed by
default, with easy-to-uncomment rules there for those people that need to
get access control done quickly.

--
Nate Lawson        \Yeah, I was dreaming through the 'howzlife', yawning, car black,
Owner:             \when she told me 'mad and meaningless as ever...' and a song
Cal Poly State     \came on the radio like a cemetery rhyme for a million crying
University         \corpses in their tragedy of respectable existence. - BR