From owner-freebsd-security  Sun Aug 16 01:23:44 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA13537
          for freebsd-security-outgoing; Sun, 16 Aug 1998 01:23:44 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from banshee.cs.uow.edu.au (banshee.cs.uow.edu.au [130.130.188.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA13532
          for <security@FreeBSD.ORG>; Sun, 16 Aug 1998 01:23:41 -0700 (PDT)
          (envelope-from ncb05@banshee.cs.uow.edu.au)
Received: (from ncb05@localhost)
	by banshee.cs.uow.edu.au (8.9.1/8.9.1) id SAA16340;
	Sun, 16 Aug 1998 18:22:57 +1000 (EST)
Date: Sun, 16 Aug 1998 18:22:57 +1000 (EST)
From: Nicholas Charles Brawn <ncb05@uow.edu.au>
X-Sender: ncb05@banshee.cs.uow.edu.au
To: Darren Reed <avalon@coombs.anu.edu.au>
cc: security@FreeBSD.ORG
Subject: Re: inetd enhancements (fwd)
In-Reply-To: <199808160440.VAA29668@hub.freebsd.org>
Message-ID: <Pine.SOL.4.02A.9808161809120.13076-100000@banshee.cs.uow.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 16 Aug 1998, Darren Reed wrote:

> 
> allowing different programs to bind to different IP addresses
> (on a multi-ip# box) is something inetd does not do and can't
> handle with packet filters and requires tcpd/fwtk type solution.
> 
> however, I think that rather hacking that functionality into
> inetd, look at xinetd (which already has numerous additions)
> and leave inetd to be more standard...
> 
> 

However, as others have pointed out before, there is a certain piece of
mind gained when dealing with nice, neat, smaller programs. There are
fewer places for things to go wrong:
root@devel:/tmp/xinetd-2.2.1/xinetd# wc -l *.c |grep total
   12104 total
root@devel:/tmp/xinetd-2.2.1/xinetd# cd /usr/src/usr.sbin/inetd/
root@devel:/usr/src/usr.sbin/inetd# wc -l *.c |grep total
    1883 total
root@devel:/usr/src/usr.sbin/inetd#

In this case, I believe a patch that augments inetd's functionality
should be incorporated, so long as it is audited first. :)

Nick

--
Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick 
Key fingerprint =  DE 30 33 D3 16 91 C8 8D  A7 F8 70 03 B7 77 1A 2A
"When in doubt, ask someone wiser than yourself..." -unknown


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message