Date: Wed, 15 Aug 2001 13:44:48 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.ORG>
To: Steven Ames <steve@virtual-voodoo.com>
Cc: Igor Roshchin <str@giganda.komkon.org>, security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf
Message-ID: <Pine.NEB.3.96L.1010815134222.81642K-100000@fledge.watson.org>
In-Reply-To: <006601c125b0$625d7b90$28d90c42@eservoffice.com>

On Wed, 15 Aug 2001, Steven Ames wrote:

> > I am not completely sure if this is a good idea or not, but I'd throw it in.
> > How about having two menu options here, after offering to edit inetd.conf:
> > for `experts' (manual editing) and for `beginners' (menu-driven
> > configuration).
>
> 'sysinstall' already has a 'Security' menu under post configuration.
> Couldn't we just install from a fixed set of 2-3 different inetd.conf
> files?
>
> i.e. if the user selects 'moderate [default]' install
> src/etc/inetd.conf.moderate into /etc. If they select 'extreme' install
> the inetd.conf that has everything turned off.
>
> This is a short-term hackish solution but I believe it would suffice
> until we get a GUI up where we can select 'yes'/'no' for every line in
> the inetd.conf and have the ability to add in new lines. Good project
> for someone... the 'inetd editor'.

One of the problems with this solution is that sites frequently modify
their inetd.conf to add services, such as pop or imap, and that if they
ran sysinstall to select a template, they would risk squashing their
current install.

I agree with your thoughts on a menu-driven editor, but doing that
properly relies on having a machine-parsable file format that supports
in-band disabling of services. My feeling was that our current file
format didn't lend itself to that, and as such I went with the current
"spit the user a text editor" over implementing one before 4.4-RELEASE.

If someone would like to write an editor that understands the syntax and
semantics of inetd.conf, they should feel free. However, it needs to
handle the cases where users have custom comments (etc) properly, and be
able to handle the full scope of valid inetd.conf files, not just the set
of files it could possibly generate.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
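
An added sketch (not part of the original message and not FreeBSD code) of the editing the message describes: toggling one service in inetd.conf by commenting or uncommenting its line while copying every other line, custom comments included, through unmodified. The rule used to tell a disabled entry from an ordinary comment, the function names and the sample file are assumptions made for this example.

```python
import re

SOCKET_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}
WAIT_FIELD = re.compile(r"^(no)?wait([/.]\S*)?$")

# Constructed sample, not taken from a real system.
SAMPLE = (
    "# Constructed inetd.conf sample\n"
    "# pop3 stream is added locally, keep it\n"
    "ftp\tstream\ttcp\tnowait\troot\t/usr/libexec/ftpd\tftpd -l\n"
    "telnet\tstream\ttcp\tnowait\troot\t/usr/libexec/telnetd\ttelnetd\n"
    "#pop3\tstream\ttcp\tnowait\troot\t/usr/local/libexec/popper\tpopper\n"
)

def parse_entry(line):
    """Return (enabled, fields) for a service entry, or None for anything else.

    Assumed heuristic: a '#' line counts as a disabled service only if the
    text after the '#' still has the shape of an entry."""
    body = line.strip()
    enabled = not body.startswith("#")
    fields = body.lstrip("#").split()
    if len(fields) < 6 or fields[1] not in SOCKET_TYPES:
        return None
    if not WAIT_FIELD.match(fields[3]):
        return None
    return enabled, fields

def set_service(text, service, protocol, enable):
    """Enable or disable one service in place; return (new_text, lines_changed).

    Every line that is not the target entry is copied through unmodified."""
    out, changed = [], 0
    for line in text.splitlines(keepends=True):
        entry = parse_entry(line)
        if entry and entry[1][0] == service and entry[1][2] == protocol \
                and entry[0] != enable:
            if enable:
                line = re.sub(r"^(\s*)#+[ \t]*", r"\1", line, count=1)
            else:
                line = "#" + line
            changed += 1
        out.append(line)
    return "".join(out), changed

if __name__ == "__main__":
    hardened, n = set_service(SAMPLE, "telnet", "tcp", False)
    print(n, "line(s) changed")
    print(hardened, end="")
```

The second sample line is a comment that mentions a service name and a socket type; it is left alone only because its fourth word is not a wait/nowait field, which shows how much the classification leans on a heuristic when the format has no dedicated marker for a disabled entry.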