Date: Tue, 17 Nov 1998 14:20:24 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: William McVey <wam@sa.fedex.com>
Cc: Cliff Skolnick <cliff@steam.com>, Andrew McNaughton <andrew@squiz.co.nz>, Matthew Dillon <dillon@apollo.backplane.com>, Warner Losh <imp@village.org>, Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, freebsd-security@FreeBSD.ORG, "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, Dima Ruban <dima@best.net>
Subject: Re: Would this make FreeBSD more secure? & sendmail changes in OpenBSD 2.4
Message-ID: <199811172220.OAA29070@apollo.backplane.com>
References: <199811172014.OAA05291@s07.sa.fedex.com>

:Most of these services could easily be modified to start from
:inetd as wait services. Basically, inetd does the port binding,
:setuid-ing, and execing, just like it always does. As I've mentioned
:before, sendmail can definitely run in this manner. So could most
:web servers. I did some playing around with syslog starting from
:inetd, and ran into a few problems which I need to read more syslogd
:and inetd code to work out (for example, inetd normally logs its
:messages via syslog(3); what happens when it is the program starting
:syslogd?), to "what does inetd log to before syslog comes online?"
:
: -- William

As a general rule, the more sophisticated services cannot be
started from inetd unless you are running a very lightly loaded
machine, because you must generally fix up the resource limits
and do other pre-start setup prior to running many of them.
news is an excellent example of the problem. You cannot run
news from inetd.conf unless you are very, very careful about
the way you set up the resource limits that inetd.conf
runs under.

sendmail wouldn't work very well either hacked for wait-mode
operation, at least not in a light-weight environment. For
example, starting it from inetd does not guarantee immediate
startup... what happens if you need to run the queue? For
that matter, what happens when you split the sendmail server,
having one handling incoming connections and running others
to independently run the queue (e.g. you run sendmail -q15m
-OMaxDaemonChildren=N1, and you also run sendmail -bd
-OMaxDaemonChildren=N2).

-Matt
Matthew Dillon Engineering, HiWay Technologies, Inc. & BEST Internet
Communications & God knows what else.
<dillon@backplane.com> (Please include original email in any response)
