
Re: the netbase/inetd conspiracy



On Sun, Sep 22, 2002 at 09:07:09PM -0700, Thomas Bushnell, BSG wrote:
> > It is easy to turn off, but that's not as good as it could be for two
> > reasons: one is that you have to turn it off when the system can be
> > smart enough to not turn it on in the first place if it's not needed,
> > and the second is that if you don't want it turned on, by far the easiest
> > and safest way of ensuring that is to not have it installed in the first
> > place. Maybe you don't care about the difference, but other people do.
> rm /etc/inetd.conf
> 1) makes sure it won't run, and that if it is run, it won't work;
> 2) is already the supported way of dealing in Debian.
> Now, if you are afraid that if the program exists it might start doing
> something by magic, well, any program from fileutils might do that
> too.  

Consider the "magic" required. One possibility is that something will
accidentally recreate /etc/inetd.conf. The other is that "ls" or similar
will accidentally get socket code added to it. The latter doesn't seem
remotely plausible: it could happen if someone specifically wants
to exploit you, but not by accident, or as part of regular Debian
activity. By contrast the former happens every time you upgrade
netkit-inetd -- as it happens (2) *isn't* the case.

There are other things you can try that'll work with more or less
effectiveness. None of them are as easy and reliable as just removing
the package, or not installing it in the first place.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

 ``If you don't do it now, you'll be one year older when you do.''
