Date: Wed, 15 Aug 2001 13:29:20 -0400 (EDT)
From: Igor Roshchin
Message-Id: <200108151729.f7FHTKq11654@giganda.komkon.org>
To: rwatson@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf
Cc: security@FreeBSD.ORG

> Date: Wed, 15 Aug 2001 13:13:51 -0400 (EDT)
> From: Robert Watson
>
>
> On Wed, 15 Aug 2001, Sheldon Hearn wrote:
>
> > On Wed, 15 Aug 2001 11:51:28 -0400, Robert Watson wrote:
> >
> > > I recently changed sysinstall (should be in 4.4-RELEASE when that comes
> > > out) to first ask whether the user wants to run inetd, and then if they
> > > say yes, asks if they'd like to edit inetd.conf. Inetd.conf is now
> > > defaulted so that all services are disabled.
> >
> > The only problem with this is that it raises the bar for installation.
> > Now, people need to know how to drive a (possibly) unfamiliar text
> > editor to turn stuff on.
> >
> > Still, I like the direction you're moving in. Ultimately, I think the
> > text editor idea should be an advanced option and changes to inetd.conf
> > (and whatever) should be possible with the UI.
>
> I agree with your observations--this is one reason I added some more
> commenting to inetd.conf to make it more clear what the user should do.
>
> Actually, I think the real problem here is the inetd.conf file format. It
> doesn't have an "in-band" way to disable services, all you can do is
> comment them out. I'd like something more like /etc/ttys, where there's
> an "on/off" choice. This lets a structured editor disable things in such
> a way that it can recognize when to enable them (and when it's just a
> comment). Note the magic that is possible in Andrey's ttys editing code,
> but that is not possible in inetd.conf.
>
> Someone also later comments, in this thread, that we might make use of a
> better editor. I agree that nano offers a lot of usability benefits, and
> wouldn't mind further investigation of options like that. However, I'd
> rather have a semantics-rich configuration editor (such as with the
> ttys/console stuff) than a text editor, myself.
>

I am not completely sure if this is a good idea or not, but I'd throw
it in.

How about having two menu options here, after offering to edit
inetd.conf: for `experts' (manual editing) and for `beginners'
(menu-driven configuration).

The former one would bring up an editor (in this case it doesn't need
to be nano, it can be vi, or whatever).

The latter one would show a check-mark-type menu of services which
could be enabled, and a small script called upon exit from this menu
would write out /etc/inetd.conf with the lines commented or uncommented
based upon the choices made, and a template of /etc/inetd.conf

Best,

Igor
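A sketch of the helper script proposed in the message above, as an added example (not code from the thread or from sysinstall): it rewrites a template from a set of menu choices and writes every service that was not chosen commented out. Telling a disabled service apart from an ordinary comment is done by a field-shape heuristic, which is the limitation of the file format raised in the quoted reply; the template text and the `service/proto` keys are assumptions of this sketch.

```python
import re

# Field 2 (socket type) and field 4 (wait/nowait) identify a service line.
SOCK_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}
WAIT_RE = re.compile(r"^(no)?wait(/\d+)*$")

# Constructed sample template for this example, not the shipped inetd.conf.
TEMPLATE = """\
# Constructed sample template for this example.
# To enable a service, remove the '#' at the start of its line.
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
ntalk dgram udp wait tty /usr/libexec/ntalkd ntalkd
"""

def parse_entry(line):
    """Return (key, uncommented_line) for a service line, active or
    commented out; return None for prose comments and blank lines."""
    body = line.strip().lstrip("#").strip()
    fields = body.split()
    if len(fields) < 6 or fields[1] not in SOCK_TYPES:
        return None
    if not WAIT_RE.match(fields[3]):
        return None
    return f"{fields[0]}/{fields[2]}", body

def list_services(text):
    """Menu contents: 'service/proto' -> True if currently enabled."""
    services = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            services[entry[0]] = not line.lstrip().startswith("#")
    return services

def render(template, chosen):
    """Write the config: chosen services uncommented, all others commented."""
    unknown = set(chosen) - set(list_services(template))
    if unknown:
        # Refuse choices the template does not define instead of guessing.
        raise ValueError(f"not in template: {sorted(unknown)}")
    out = []
    for line in template.splitlines():
        entry = parse_entry(line)
        if entry is None:
            out.append(line)  # prose comment or blank line: keep verbatim
        else:
            key, body = entry
            out.append(body if key in chosen else "#" + body)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render(TEMPLATE, {"ftp/tcp"}), end="")
```
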