Re: Task harden.

To: xsdg <xsdg@softhome.net>
Cc: debian-devel@lists.debian.org
Subject: Re: Task harden.
From: Aubin Paul <aubin@debian.org>
Date: Mon, 2 Apr 2001 12:26:53 -0400
Message-id: <[🔎] 20010402122653.A20655@baltimore.outlyer.org>
In-reply-to: <[🔎] 20010402114842.B26810@216.254.117.126>; from xsdg@softhome.net on Mon, Apr 02, 2001 at 11:48:42AM -0400
References: <[🔎] 20010401222607.A3570@diamond.opal.dhs.org> <[🔎] 20010401220652.A14213@ucsd.edu> <[🔎] 20010402114842.B26810@216.254.117.126>

This might be a little off, but why not have a Debian package called
nullinetd, that just provides netkit-inetd, but is essentially empty?
I've been doing that myself on my own machines, but something like
that might be helpful if you're trying to avoid inetd... 

Also, why not ship inetd.conf with everything commented out... I think
you should have to deliberately open a service rather than have a
virgin box with everything open.

Aubin

On Mon, Apr 02, 2001 at 11:48:42AM -0400, xsdg wrote:
> On Sun, Apr 01, 2001 at 10:06:52PM -0700, John H. Robinson, IV wrote:
> > On Sun, Apr 01, 2001 at 10:26:08PM +0200, Ola Lundqvist wrote:
> > > And now some questions (that can be dicussed).
> > > * I intend to conflict with inetd. Do you think that is ok?
> > 
> > yes! there are good inetd's to replace it with (tcpserver, and xinetd[2]
> > both come to mind)
> I recently talked to the maintainer of netbase (netkit-inetd), and he said
> that he wasn't going to remove netbase's dependency on netkit-inetd, which
> would make this an extremely bad idea ATM...
> 
> > 
> > -john
> > 
> > [1] my theory is: if a large number of security violations have been
> >     found, chances are, more are still lurking. a complete re-write does
> >     get to wipe the slate clean, but i still don't trust BIND and no one
> >     is ever going to convince me otherwise. same with sendmail
> > 
> > [2] i have not too much familiarity with xinetd to actually recomend it,
> >     but i would rather use that that inetd
> I use(d?) xinetd, and I feel that it's heads and shoulders above inetd.
> It allows you to bind to specific interfaces, and its config file is much
> cleaner than that of inetd.  Finally, it can convert an inetd.conf to an
> xinetd.conf
> > 
> > [3] yes, some of the things i listed are non-free. i can't help that :(
> 	--xsdg
> 	
> -- 
>  ___________________________________________________
> /            ::Mouse movement detected::            \
> \      ::Reboot Windows to activate changes::       /
> /    http://xsdg.hypermart.net|xsdg@softhome.net    \
> \___________________________________________________/
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
>

Reply to:

Follow-Ups:
- Re: Task harden.
  - From: "John H. Robinson, IV" <jhriv@ucsd.edu>
- Re: Task harden.
  - From: Ola Lundqvist <opal@debian.org>
- Re: Task harden.
  - From: Roland Bauerschmidt <roland@bauerschmidt.eu.org>

References:
- Task harden.
  - From: Ola Lundqvist <opal@debian.org>
- Re: Task harden.
  - From: "John H. Robinson, IV" <jhriv@ucsd.edu>
- Re: Task harden.
  - From: xsdg <xsdg@softhome.net>

Prev by Date: Re: Task harden.
Next by Date: Re: RFC: new update-inetd
Previous by thread: Re: Task harden.
Next by thread: Re: Task harden.
Index(es):
- Date
- Thread