Re: How secure is inetd nowadays?

"Nico Kadel-Garcia" <nkadel@xxxxxxxxx> wrote in message
news:6ebeba14-0d6a-4a56-95f7-32462c9ed8a5@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On 7 Dec, 01:04, Unruh <unruh-s...@xxxxxxxxxxxxxx> wrote:
Bill Marcum <marcumb...@xxxxxxxxxxxxx> writes:
On 2007-12-06, Unruh <unruh-s...@xxxxxxxxxxxxxx> wrote:
"Magnate" <contact...@xxxxxxxxxxxxxx> writes:

Hi All,

Some years ago (late '90s) I stopped using inetd, because there were
some
serious security issues. I think mainly around the portmapper, IIRC.
Anyway,
I moved to making all the services I want to use run as permanent
daemons -
exim, apache etc. etc.

This has worked fine - I've not touched inetd since then. Until now -
I've
just installed Leafnode, having found Cnews way too abstruse and INN
too big
for my needs. Leafnode will not run as a standalone daemon, so I have
had to
reinstall inetd. I'm using the "openbsd-inetd" which comes with my
distro
(Debian Etch).

Uh, inetd has been replaced by xinetd.

I can't see my previous followup yet. I said that leafnode requires
inetd. Actually the Ubuntu (and probably Debian) leafnode package
requires inetd, I don't know why.
If you read /usr/share/doc/leafnode/INSTALL.gz, it tells how you can
make leafnode work with xinetd.

I cannot see how it could. Both inetd and xinetd watch the incoming
traffic, and if they find a request for a specific port they run the
required daemon, and pass the traffic to that daemon. They both work in
the
same way, and the daemon has no idea what woke it up and started it
running.- Hide quoted text -

- Show quoted text -

I've run into that sort of thing with forward porting old tools. You
may need to tweak some code to use xinetd instead, but it's a lot
safer than using inetd.

Well this is a fine discussion, but could somebody please explain *why*
xinetd is so much safer than inetd?

To answer the question in the first response, I'm using inetd because it's
there. The openbsd-inetd package is part of the base Debian install and has
been there since the system was built. Why would I mess about installing and
configuring a whole extra package when the one that is there was working
perfectly with Leafnode within about three minutes?

All I want to know is what are the remaining security issues with inetd, so
that I can assess the risk of using it and weigh that against the effort of
switching to xinetd. (It looks like it will not be much effort to switch,
but I'd still like to know the risks.)

Alternatively, does anyone know if a future version of Leafnode will include
a standalone daemon listening on port 119?

CC


.

Relevant Pages

  • Re: How secure is inetd nowadays?
    ... Actually the Ubuntu (and probably Debian) leafnode package ... requires inetd, I don't know why. ... I am running leafnode under xinetd, and it runs perfectly fine, though I ...
    (comp.os.linux.security)
  • Re: ssh fails with xinetd
    ... I have a FreeBSD 6.2 system on which inetd was replaced with xinetd. ... spawned by inetd when there's a connection request. ... suffer serious abuse and unsuccessfully preserve the daemon. ...
    (comp.security.ssh)
  • Re: How secure is inetd nowadays?
    ... Leafnode will not run as a standalone daemon, ... inetd has been replaced by xinetd. ...
    (comp.os.linux.security)
  • Re: How secure is inetd nowadays?
    ... Leafnode will not run as a standalone daemon, ... reinstall inetd. ... Both inetd and xinetd watch the incoming ...
    (comp.os.linux.security)
  • Re: How secure is inetd nowadays?
    ... Leafnode will not run as a standalone daemon, ... reinstall inetd. ... make leafnode work with xinetd. ... Because editing a single configuration file of inconsistent, ...
    (comp.os.linux.security)
Quantcast