Re: Secure Servers (SMTP, POP3, FTP)

From: turbo23 (turbo23@gmx.net)
Date: 02/13/01


Date: Tue, 13 Feb 2001 15:07:00 +0100
To: Neil Blakey-Milner <nbm@mithrandr.moria.org>
From: turbo23 <turbo23@gmx.net>


> > >or maybe you like to run ftpd with tcp-server, from mr. djb.
> > >small, fast and easy to configure.
> >
> > You can also run ftpd with xinetd. It can also handle maximum number of
> > connections. IMHO it isn't as fast as Bernsteins tcp-server but it's more
> > secure than inetd.
>
>I'm not aware of any security issues in FreeBSD's inetd that involve it
>running an external (ie, exec) service. Care for pointers?
>
>19 June 2000, xinetd had the following bug:
>
> Certain versions of xinetd have a bug in the access control
> mechanism. If you use a hostname to control access to a service
> (localhost instead of 127.0.0.1 ), xinetd will allow any connection
> from hosts that fail a reverse look-up.
>
>Perhaps you mean inetd's on other systems (like those that don't have
>connection limits, and those that turn services off for 10 minutes
>without configurability on the amount of time turned off)?

You're right. But we had troubles with some inetd and Linux machines. I
thought this could be a problem with freebsd too. But I was wrong. Anwyway
we are using tcpserver at the moment.

regards
Thomas

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message