From: Robert Watson
To: Igor Roshchin
Cc: security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf
Date: Wed, 15 Aug 2001 13:32:40 -0400 (EDT)

On Wed, 15 Aug 2001, Igor Roshchin wrote:

> > I agree with your observations--this is one reason I added some more
> > commenting to inetd.conf to make it more clear what the user should do.
> >
> > Actually, I think the real problem here is the inetd.conf file format. It
> > doesn't have an "in-band" way to disable services, all you can do is
> > comment them out. I'd like something more like /etc/ttys, where there's
> > an "on/off" choice. This lets a structured editor disable things in such
> > a way that it can recognize when to enable them (and when it's just a
> > comment). Note the magic that is possible in Andrey's ttys editing code,
> > but that is not possible in inetd.conf.
> >
> > Someone also later comments, in this thread, that we might make use of a
> > better editor. I agree that nano offers a lot of usability benefits, and
> > wouldn't mind further investigation of options like that. However, I'd
> > rather have a semantics-rich configuration editor (such as with the
> > ttys/console stuff) than a text editor, myself.
>
> I am not completely sure if this is a good idea or not, but I'd throw
> it in. How about having two menu options here, after offering to edit
> inetd.conf: for `experts' (manual editing) and for `beginners'
> (menu-driven configuration). The former one would bring up an editor
> (in this case it doesn't need to be nano, it can be vi, or whatever).
> The latter one would show a check-mark-type menu of services which could
> be enabled, and a small script called upon exit from this menu would
> write out /etc/inetd.conf with the lines commented or uncommented based
> upon the choices made, and a template of /etc/inetd.conf

This is pretty much what I had in mind, but the problem I cited was that
it's difficult for such an editor to read in inetd.conf in an effective
way after the user has edited it once, because it's hard to tell which
lines are "disabled services" and which are simply "comments".

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services