Date: Tue, 15 Aug 2000 14:48:57 -0500 (CDT)
From: Mike Silbersack
To: sthaug@nethelp.no
Cc: kelleyry@bc.edu, razor@ldc.ro, freebsd-security@FreeBSD.ORG
Subject: RE: xinetd versus inetd
In-Reply-To: <28279.966363921@verdi.nethelp.no>

On Tue, 15 Aug 2000 sthaug@nethelp.no wrote:

> > I used to run tcpserver, but soon realized that xinetd could perform all
> > the same important functions, and was much easier to configure.
> >
> > I don't think any modern inetd is as susceptible to resource exhaustion
> > attacks as the tcpserver page will lead you to believe, but running xinetd
> > does seem wise, as you can tune the various resource limits quite exactly.
>
> But do you trust xinetd? Seems it's time to repost the following News
> article from Marcus Ranum, dating back to 1993. Still relevant, I think.
>
> Note: I have no personal experience with xinetd.

I trust it, but I don't have any solid reason to. I have the idea in my
head that it's hard to introduce a security bug in a program which does
only what xinetd does, but strange things have happened.

Looking at the inetd manpage now, it appears that per-service rate
limiting and such are now available on the FreeBSD inetd. I'll look into
switching when I get some time.

Mike "Silby" Silbersack