Date: Tue, 17 Nov 1998 14:20:24 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: William McVey <wam@sa.fedex.com>
Cc: Cliff Skolnick <cliff@steam.com>, Andrew McNaughton <andrew@squiz.co.nz>, Matthew Dillon <dillon@apollo.backplane.com>, Warner Losh <imp@village.org>, Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, freebsd-security@FreeBSD.ORG, "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, Dima Ruban <dima@best.net>
Subject: Re: Would this make FreeBSD more secure? & sendmail changes in OpenBSD 2.4
Message-ID: <199811172220.OAA29070@apollo.backplane.com>
References: <199811172014.OAA05291@s07.sa.fedex.com>
:Most of these services could easily be modified to start from
:inetd as wait services. Basically, inetd does the port binding,
:setuid-ing, and execing, just like it always does. As I've mentioned
:before, sendmail can definitely run in this manner. So could most
:web servers. I did some playing around with syslog starting from
:inetd, and ran into a few problems which I need to read more syslogd
:and inetd code to work out (for example, inetd normally logs its
:messages via syslog(3), what happens when it is the program starting
:syslogd?) to "what does inetd log to before syslog comes online."
:
: -- William

    As a general rule, the more sophisticated services cannot be started
    from inetd unless you are running a very lightly loaded machine,
    because you must generally fix up the resource limits and do other
    pre-start setup prior to running many of them.

    news is an excellent example of the problem. You cannot run news
    from inetd.conf unless you are very, very careful about the way you
    set up the resource limits that inetd.conf runs under.

    sendmail wouldn't work very well either, hacked for wait-mode
    operation, at least not in a light-weight environment. For example,
    starting it from inetd does not guarantee immediate startup... what
    happens if you need to run the queue? For that matter, what happens
    when you split the sendmail server, having one handling incoming
    connections and running others to independently run the queue
    (e.g. you run sendmail -q15m -OMaxDaemonChildren=N1, and you also
    run sendmail -bd -OMaxDaemonChildren=N2).

                                        -Matt

    Matthew Dillon  Engineering, HiWay Technologies, Inc. & BEST Internet
                    Communications & God knows what else.
                    <dillon@backplane.com> (Please include original email in any response)
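The "fix up the resource limits and do other pre-start setup" step that Matt says inetd does not give you is easy to see in a few lines of shell. The wrapper below is an added example written for this archive page; it is not code from the thread, from FreeBSD, or from sendmail. It raises or lowers the soft open-file limit to what the service needs before exec'ing it, and refuses to start the daemon when the required limit exceeds the hard limit the wrapper inherited (which is exactly what an inetd-spawned child would be stuck with). The value of FD_LIMIT and the sendmail path in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: a pre-start wrapper that fixes up
# resource limits before exec'ing a daemon. A service started straight
# from inetd inherits inetd's limits with no chance to adjust them; this
# script is the extra step a normal rc-style start gets to do.
# FD_LIMIT and the daemon path in the usage line are assumptions.

FD_LIMIT=${FD_LIMIT:-512}   # constructed value; tune per service

# apply_fd_limit N: set the soft open-file limit of the current shell to N.
# Prints the limit now in force on success. Returns 1 (and says why) when
# N is above the hard limit, which unprivileged code cannot raise; the
# daemon is then not started at all instead of running with the wrong limit.
apply_fd_limit() {
    want=$1
    hard=$(ulimit -H -n)
    if [ "$hard" != "unlimited" ] && [ "$want" -gt "$hard" ]; then
        echo "refusing to start: need $want open files, hard limit is $hard" >&2
        return 1
    fi
    ulimit -S -n "$want" || return 1
    ulimit -S -n
}

# fd_limit_seen_by_child N: the open-file limit a child exec'ed after
# apply_fd_limit N actually observes. Runs in a subshell so the caller's
# own limits are left untouched.
fd_limit_seen_by_child() {
    ( apply_fd_limit "$1" >/dev/null && sh -c 'ulimit -S -n' )
}

# run_service CMD ARGS...: apply the limits, then replace this shell with
# the daemon so it inherits them exactly as set. A split sendmail setup
# (a -bd listener plus a separate -q15m queue runner, as in the message)
# would be two invocations of this wrapper, one per process, so each can
# get its own limits rather than whatever inetd happened to run under.
run_service() {
    apply_fd_limit "$FD_LIMIT" >/dev/null || exit 1
    exec "$@"
}

# Usage (assumed path): sh wrapper.sh /usr/sbin/sendmail -bd
if [ $# -gt 0 ]; then
    run_service "$@"
fi
```

Lowering a soft limit never needs privilege, so the wrapper is safe to run as the service's own user after inetd's setuid step; raising above the hard limit needs root, and the wrapper deliberately fails loudly in that case rather than letting the daemon start short of file descriptors, which is the failure mode Matt's news example is about.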
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811172220.OAA29070>