FreeBSD Security model

Aled Morris aledm at qix.co.uk
Tue Jan 8 11:45:21 GMT 2002


On Tue, 8 Jan 2002 mark.stewart at bacs.co.uk wrote:

>Cool, if all I need to run on a server is sshd, squid and DNS I should disable
>inetd. What's its purpose anyway, does it stop users from running disallowed
>services ???

Its purpose is to stop the proliferation of standalone daemons, especially
for services which may be rarely invoked and so which don't need to be
running 24x7.

TFTP is a good example, I use it to save my router configs but they don't
change that often.

In the old days when memory was expensive I used to run sendmail from
inetd ("sendmail -bs" as I recall) on boxes that would receive only a few
messages a day.

One side effect of inetd is that it makes writing network programs
easier; you only need to read/write from stdin/stdout and inetd takes care
of the messy socket stuff.  You don't even need to worry about handling
multiple requests and forking, since inetd will fork a copy of your server
for each incoming connection if you want.

Aled
-- 
        ++  Fast, affordable, server hosting in Telehouse, London  ++
        ++               http://www.qix.co.uk/colo/                ++
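
The stdin/stdout model described in the message above, as an added example that is not part of the original post: a one-request line service that inetd would start per connection, with the request length bounded and non-printable input rejected. The service name "echoline", its install path and the reply format are assumptions made for illustration.

```c
/* Added example: a service meant to be started by inetd, one process per
 * connection. Hypothetical inetd.conf entry (name and path are assumptions;
 * the name would also need a port in /etc/services):
 *   echoline stream tcp nowait nobody /usr/local/libexec/echoline echoline */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>

#define MAX_LINE 256

/* Under inetd, fd 0 is the accepted socket; from a terminal this fails. */
static int stdin_is_socket(void)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;
    return getpeername(0, (struct sockaddr *)&ss, &len) == 0;
}

/* Read one request line from `in`, reply on `out`. 0 = served, -1 = rejected. */
int serve(FILE *in, FILE *out)
{
    char buf[MAX_LINE];
    size_t n, i;
    int ok;

    if (fgets(buf, sizeof buf, in) == NULL)
        return -1;
    n = strlen(buf);
    ok = n > 0 && buf[n - 1] == '\n';   /* no newline: oversized or truncated */
    while (n > 0 && (buf[n - 1] == '\n' || buf[n - 1] == '\r'))
        buf[--n] = '\0';
    for (i = 0; ok && i < n; i++)
        ok = isprint((unsigned char)buf[i]) != 0;
    if (ok)
        fprintf(out, "OK %s\r\n", buf);
    else
        fputs("ERR bad request\r\n", out);
    fflush(out);
    return ok ? 0 : -1;
}

int main(void)
{
    if (!stdin_is_socket())
        fputs("note: stdin is not a socket, not started by inetd\n", stderr);
    return serve(stdin, stdout) == 0 ? 0 : 1;
}
```

Running the service as an unprivileged user in the inetd.conf entry limits what a bug in the handler can reach.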




