Date:      Wed, 15 Aug 2001 13:13:51 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.ORG>
To:        Sheldon Hearn <sheldonh@starjuice.net>
Cc:        Richard Stanaford <richard@nebula-bsd.dyndns.org>, "Andrew R. Reiter" <arr@watson.org>, security@FreeBSD.ORG
Subject:   Re: cvs commit: src/etc inetd.conf 
Message-ID:  <Pine.NEB.3.96L.1010815131102.81642F-100000@fledge.watson.org>
In-Reply-To: <86008.997892874@axl.seasidesoftware.co.za>


On Wed, 15 Aug 2001, Sheldon Hearn wrote:

> On Wed, 15 Aug 2001 11:51:28 -0400, Robert Watson wrote:
> 
> > I recently changed sysinstall (should be in 4.4-RELEASE when that comes
> > out) to first ask whether the user wants to run inetd, and then if they
> > say yes, asks if they'd like to edit inetd.conf.  Inetd.conf is now
> > defaulted so that all services are disabled.
> 
> The only problem with this is that it raises the bar for installation. 
> Now, people need to know how to drive a (possibly) unfamiliar text
> editor to turn stuff on. 
> 
> Still, I like the direction you're moving in.  Ultimately, I think the
> text editor idea should be an advanced option and changes to inetd.conf
> (and whatever) should be possible with the UI. 

I agree with your observations--this is one reason I added some more
commenting to inetd.conf to make it more clear what the user should do. 

Actually, I think the real problem here is the inetd.conf file format. It
doesn't have an "in-band" way to disable services; all you can do is
comment them out.  I'd like something more like /etc/ttys, where there's
an "on/off" choice.  This lets a structured editor disable things in such
a way that it can recognize when to enable them (and when it's just a
comment).  Note the magic that is possible in Andrey's ttys editing code,
but that is not possible in inetd.conf. 

Someone also later comments, in this thread, that we might make use of a
better editor.  I agree that nano offers a lot of usability benefits, and
wouldn't mind further investigation of options like that.  However, I'd
rather have a semantics-rich configuration editor (such as with the
ttys/console stuff) than a text editor, myself.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services
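
The format problem described in the message, as an added example that is not part of the original e-mail or of FreeBSD's sysinstall: a tool reading inetd.conf has to guess which commented lines are disabled services, while /etc/ttys carries the state as a field. The sample file contents, the function names and the "off?" label are constructed for illustration.

```python
import shlex

SOCK_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}

# Constructed sample inputs, not taken from any real system.
INETD_SAMPLE = """\
# Internet server configuration (constructed sample)
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
# example stream tcp nowait root /usr/local/bin/example example
"""
TTYS_SAMPLE = """\
# constructed sample
ttyv0 "/usr/libexec/getty Pc" cons25 on secure
ttyd0 "/usr/libexec/getty std.9600" dialup off secure
"""

def looks_like_service(fields):
    """Heuristic: does this field list have the shape of an inetd.conf entry?"""
    return (len(fields) >= 6 and fields[1] in SOCK_TYPES
            and fields[3].split("/")[0] in {"wait", "nowait"})

def classify_inetd(text):
    """Return (state, service) per non-blank line; 'off?' is only a guess."""
    out = []
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if not s.startswith("#"):
            out.append(("on", s.split()[0]))   # uncommented entry: enabled
            continue
        fields = s.lstrip("#").split()
        # A comment that parses like an entry may be a disabled service
        # or just documentation; the file format cannot say which.
        out.append(("off?", fields[0]) if looks_like_service(fields)
                   else ("comment", None))
    return out

def classify_ttys(text):
    """Return (state, tty) per entry; the state is an explicit on/off field."""
    out = []
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)  # '#' starts a comment
        if fields:
            out.append(("on" if "on" in fields[3:] else "off", fields[0]))
    return out
```

On the constructed inetd.conf sample, the illustrative "example" line is reported as a possibly disabled service exactly like the commented-out ftp entry, which is the ambiguity an explicit on/off field removes.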


