Questionable merits of inetd replacements
Eli Dart
dart at nersc.gov
Thu Sep 18 17:55:29 PDT 2003
In reply to Bruce M Simpson <bms at spc.org> :
> [subject change]
>
> On Thu, Sep 18, 2003 at 01:27:49PM -0600, Scott Gerhardt wrote:
> > Better Yet, what about using xinetd which is much more configurable and
> > robust. I am surprised that FreeBSD's default installation still uses inetd
> > instead of xinetd.
>
> FreeBSD's inetd offers features which are not present in xinetd, support
> for IPSEC policy settings being one of them. I fail to see how using
> xinetd would be an improvement -- pardon my ignorance if there are features
> in xinetd which you feel would somehow benefit the user base enough to
> justify a change.
Note also that the statement that xinetd is "more robust" contradicts
recent history. xinetd has had several problems recently, the latest
of which was a DoS vulnerability caused by a memory leak. For
something that is designed to protect services from DoS, xinetd just
doesn't seem ready for prime time....
--eli
>
> If inetd is not suitable for your needs, consider installing the xinetd port,
> or integrating it into your own OS engineering build.
>
> BMS
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 224 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030918/f1e6d2f9/attachment.bin
More information about the freebsd-security
mailing list