Date:      Wed, 15 Aug 2001 13:29:20 -0400 (EDT)
From:      Igor Roshchin <str@giganda.komkon.org>
To:        rwatson@FreeBSD.ORG
Cc:        security@FreeBSD.ORG
Subject:   Re: cvs commit: src/etc inetd.conf
Message-ID:  <200108151729.f7FHTKq11654@giganda.komkon.org>
In-Reply-To: <Pine.NEB.3.96L.1010815131102.81642F-100000@fledge.watson.org>

> Date: Wed, 15 Aug 2001 13:13:51 -0400 (EDT)
> From: Robert Watson <rwatson@FreeBSD.ORG>
>
>
> On Wed, 15 Aug 2001, Sheldon Hearn wrote:
>
> > On Wed, 15 Aug 2001 11:51:28 -0400, Robert Watson wrote:
> > 
> > > I recently changed sysinstall (should be in 4.4-RELEASE when that comes
> > > out) to first ask whether the user wants to run inetd, and then if they
> > > say yes, asks if they'd like to edit inetd.conf.  Inetd.conf is now
> > > defaulted so that all services are disabled.
> > 
> > The only problem with this is that it raises the bar for installation. 
> > Now, people need to know how to drive a (possibly) unfamiliar text
> > editor to turn stuff on. 
> > 
> > Still, I like the direction you're moving in.  Ultimately, I think the
> > text editor idea should be an advanced option and changes to inetd.conf
> > (and whatever) should be possible with the UI. 
>
> I agree with your observations--this is one reason I added some more
> commenting to inetd.conf to make it more clear what the user should do. 
>
> Actually, I think the real problem here is the inetd.conf file format. It
> doesn't have an "in-band" way to disable services, all you can do is
> comment them out.  I'd like something more like /etc/ttys, where there's
> an "on/off" choice.  This lets a structured editor disable things in such
> a way that it can recognize when to enable them (and when it's just a
> comment).  Note the magic that is possible in Andrey's ttys editing code,
> but that is not possible in inetd.conf. 
>
> Someone also later comments, in this thread, that we might make use of a
> better editor.  I agree that nano offers a lot of usability benefits, and
> wouldn't mind further investigation of options like that.  However, I'd
> rather have a semantics-rich configuration editor (such as with the
> ttys/console stuff) than a text editor, myself.
>

I am not completely sure if this is a good idea or not, but I'd throw it in.
How about having two menu options here, after offering to edit inetd.conf:
for `experts' (manual editing) and for `beginners' (menu-driven
configuration).
The former one would bring up an editor (in this case it doesn't need to
be nano, it can be vi, or whatever).
The latter one would show a check-mark-type menu of services which could
be enabled, and a small script called upon exit from this menu
would write out /etc/inetd.conf
with the lines commented or uncommented based upon the choices made,
and a template of /etc/inetd.conf


Best,

Igor



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
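
An added example (not part of the original message, and not sysinstall code) of the "small script" proposed above: it rewrites an inetd.conf template so that only the selected services are left uncommented. It also shows the format problem raised in the quoted text, since the script has to guess from field shapes which "#" lines are disabled services and which are plain comments. The function names, the `service/protocol` selection keys and the sample template are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: helper names and the sample template are constructed.

# Print a constructed inetd.conf template (not the real FreeBSD file).
sample_template() {
    cat <<'EOF'
# Constructed sample: every service is shipped disabled.
# To enable a service, remove the "#" at the start of its line.
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
#ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
EOF
}

# Usage: render_inetd_conf "svc/proto ..." < template
# Writes the template to stdout with exactly the selected services enabled.
render_inetd_conf() {
    awk -v enabled="$1" '
    BEGIN {
        n = split(enabled, sel, " ")
        for (i = 1; i <= n; i++) on[sel[i]] = 1
    }
    {
        entry = $0
        sub(/^#[ \t]*/, "", entry)          # view the line as if uncommented
        nf = split(entry, f, /[ \t]+/)
        # Heuristic for a service entry: socket type in field 2 and
        # wait/nowait in field 4. The file format has no on/off field,
        # so this shape test is all that separates it from a comment.
        if (nf >= 6 && f[2] ~ /^(stream|dgram)$/ && f[4] ~ /^(no)?wait/) {
            key = f[1] "/" f[3]
            prefix = (key in on) ? "" : "#"  # fail closed: off unless selected
            print prefix entry
        } else {
            print $0                         # prose comments and blank lines
        }
    }'
}

# Stand-alone run: enable only IPv4 ftp in the constructed template.
sample_template | render_inetd_conf "ftp/tcp"
```

A service that is already enabled in the template but not selected (telnet in the sample) comes out commented, so the selection list is the only source of enabled services.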