Date: Tue, 15 Aug 2000 14:48:57 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: sthaug@nethelp.no Cc: kelleyry@bc.edu, razor@ldc.ro, freebsd-security@FreeBSD.ORG Subject: RE: xinetd versus inetd Message-ID: <Pine.BSF.4.21.0008151444090.88715-100000@achilles.silby.com> In-Reply-To: <28279.966363921@verdi.nethelp.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 15 Aug 2000 sthaug@nethelp.no wrote: > > I used to run tcpserver, but soon realized that xinetd could perform all > > the same important functions, and was much easier to configure. > > > > I don't think any modern inetd is as susceptible to resource exhaustion > > attacks as the tcpserver page will lead you to believe, but running xinetd > > does seem wise, as you can tune the various resource limits quite exactly. > > But do you trust xinetd? Seems it's time to repost the following News > article from Marcus Ranum, dating back to 1993. Still relevant, I think. > > Note: I have no personal experience with xinetd. I trust it, but I don't have any solid reason to. I have the idea in my head that it's hard to introduce a security bug in a program which does only what xinetd does, but strange things have happened. Looking at the inetd manpage now, it appears that per-service rate limting and such are now available on the freebsd inetd. I'll look into switching when I get some time. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008151444090.88715-100000>