Date: Fri, 22 Sep 2000 22:09:08 +0200 From: Gerhard Sittig <Gerhard.Sittig@gmx.net> To: security@FreeBSD.ORG Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?) Message-ID: <20000922220908.D5065@speedy.gsinet> In-Reply-To: <20000922165725.A30364@mithrandr.moria.org>; from nbm@mithrandr.moria.org on Fri, Sep 22, 2000 at 04:57:25PM %2B0200 References: <20000922160123.A29787@mithrandr.moria.org> <200009221435.e8MEZCs11279@cwsys.cwsent.com> <20000922165725.A30364@mithrandr.moria.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 22, 2000 at 16:57 +0200, Neil Blakey-Milner wrote:
>
> I think inetd_enable="YES"/"NO" is mostly sufficient. Anything
> beyond that is the realm of the administrator. Perhaps we can
> put your scripts in /usr/share/examples/inetd/, along with
> example configurations, like inetd.conf.rsh, inetd.conf.ftp,
> inetd.conf.full. Then have a mostly-empty /etc/inetd.conf that
> isn't self-documenting, with ftp and commented out telnet and
> (internal) auth.
How about having simply two questions like "do you want to run
inetd on your system" and "would you like to edit the conf file
now"? This will introduce only one or two question dialogs in
the install sequence and provides the ability to absolutely
customize every single aspect. The second question could have a
hint like "you may as well come back anytime and edit
/etc/inetd.conf" or something. Now it's "only" about wording.
The editor is known and it works with the ftp greeting message
already.
> What else do people run out of inetd? (I don't know - I don't
> have any systems that run inetd, except one with only internal
> auth so I can IRC from it)
I'm afraid you never have the idea of what people might want to
run from inetd. It's even not always to be understood that they
run inetd at all. :) Writing an installer you just cannot think
of every wish a user might have. But those with more concrete
intensions should always get what they want by using any editor.
All the others can be satisfied(?) with a "run inetd at all?"
question.
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000922220908.D5065>