Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 13 Feb 2001 15:52:12 +0200
From:      Neil Blakey-Milner <nbm@mithrandr.moria.org>
To:        turbo23 <turbo23@gmx.net>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Secure Servers (SMTP, POP3, FTP)
Message-ID:  <20010213155212.A70601@rapier.smartspace.co.za>
In-Reply-To: <5.0.2.1.2.20010213144216.00a80210@mail.gmx.net>; from turbo23@gmx.net on Tue, Feb 13, 2001 at 02:45:36PM %2B0100
References:  <xzpelx2zp8h.fsf@flood.ping.uio.no> <Pine.BSF.4.10.10102132032160.51860-100000@cache.bi.itb.ac. id> <5.0.2.1.2.20010213144216.00a80210@mail.gmx.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue 2001-02-13 (14:45), turbo23 wrote:
> > > > Hmm, the standard FreeBSD ftpd can run as a daemon. But how do you 
> > control
> > > > the number of active connections? With /etc/login.conf or something
> > > > similar resource control (number of running processes)?
> > >
> > > Run ftpd from inetd like God intended and specify a maximum number of
> > > concurrent instances in inetd.conf.
> > >
> >
> >or maybe you like to run ftpd with tcp-server, from mr. djb.
> >small, fast and easy to configure.
> 
> You can also run ftpd with xinetd. It can also handle maximum number of 
> connections. IMHO it isn't as fast as Bernsteins tcp-server but it's more 
> secure than inetd.

I'm not aware of any security issues in FreeBSD's inetd that involve it
running an external (ie, exec) service.  Care for pointers?

19 June 2000, xinetd had the following bug:

    Certain versions of xinetd have a bug in the access control
    mechanism. If you use a hostname to control access to a service
    (localhost instead of 127.0.0.1 ), xinetd will allow any connection
    from hosts that fail a reverse look-up. 

Perhaps you mean inetd's on other systems (like those that don't have
connection limits, and those that turn services off for 10 minutes
without configurability on the amount of time turned off)?

Neil
-- 
Neil Blakey-Milner
nbm@mithrandr.moria.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010213155212.A70601>