From owner-freebsd-current Mon Jun 28 2: 3:39 1999
Delivered-To: freebsd-current@freebsd.org
Received: from axl.noc.iafrica.com (axl.noc.iafrica.com [196.31.1.175])
    by hub.freebsd.org (Postfix) with ESMTP id 77AD514BDA
    for ; Mon, 28 Jun 1999 02:03:29 -0700 (PDT)
    (envelope-from sheldonh@axl.noc.iafrica.com)
Received: from sheldonh (helo=axl.noc.iafrica.com)
    by axl.noc.iafrica.com with local-esmtp (Exim 3.02 #1)
    id 10yXJt-000Lma-00; Mon, 28 Jun 1999 11:03:17 +0200
From: Sheldon Hearn
To: Doug
Cc: current@freebsd.org
Subject: Re: HEADS UP! Inetd wrapping OFF by default
In-reply-to: Your message of "Sun, 27 Jun 1999 18:37:51 MST." <3776D1EF.D4D4021E@gorean.org>
Date: Mon, 28 Jun 1999 11:03:17 +0200
Message-ID: <83735.930560597@axl.noc.iafrica.com>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 27 Jun 1999 18:37:51 MST, Doug wrote:

> This is going to sound like I'm attacking sheldon, but I'm not
> since he's already stated that he got approval for this change from
> Jordan.

Jordan will be the first to admit that he's been wrong before and I have
a thick skin.

> First, the setting in /etc/defaults/rc.conf should default to
> off, as defaulting it to on violates POLA for the many many people who
> haven't updated to 3.x from 2.2 yet.

If we were integrating TCP Wrapper support into the base system for the
very first time, I'd agree with you. However, we've already had a
release go out with an inetd that wrapped by default.

This is a situation in which we can't make _everyone_ happy. For the
particular case you've provided, anyone who upgrades from 2.2 to 3.3
without reading the release notes will get what's coming to him.

> Also, if the decision is made to leave it on by default, there should
> be a hosts.allow file installed by default that has nothing but "ALL :
> ALL" in it.

We already have a hosts.allow that effectively allows everything.

> Second, this command line switch is horrible UI design for
> several reasons. First, any command line option that requires that
> the same flag be applied twice is bad design, historical precedents
> aside.

That's an unfortunately timed revelation for me. I feel like I've seen
it in a number of programs, although the only one I can remember is
ftpd(8). I used that program as a reference, not knowing that it was bad
design. :-(

> Second, what if I want to wrap my internal services, but not wrap my
> external ones?

Then you want something that the guys working on the code, who use inetd
quite a lot, didn't think of. They probably made the assumption that
real-world scenarios like that don't exist.

> I propose that the -w flag be changed to take parameters. To
> start with, you would have [-w <[e] [i]>] to control wrapping for
> external and internal services respectively.

This makes my skin crawl, but that's probably just because I know what
the code looks like. :-)

Ciao,
Sheldon.