-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > Aside from having more connection limiting features inetd is also > > easier to configure on non-standard ports, uses less memory (1K vs > > 5K), and has a simpler (and by extension more secure) code base. > > As to security I think both code bases have had about the same degree of > peer review. The smaller size of the inetd code base is what makes it > more secure. 1) how does this interact with privilege separation? as far as I understand it, privilege separation implies that no raw data from the network will ever be touched by a root-running process. I don't expect that inetd can say the same. 2) if you really are looking for a very simple/secure network listener, tcpserver from the ucspi-tcp package is going to fit that bill _way_ more than inetd. and tcpserver also provides rate-limiting, use of arbitrary ports, an even smaller memory footprint, as well as features that inetd doesn't have (like setting environment variables based on remote address). -Jason -------------------------------------------------------------------------- Freud himself was a bit of a cold fish, and one cannot avoid the suspicion that he was insufficiently fondled when he was an infant. -- Ashley Montagu -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQFAoUaLswXMWWtptckRAkBeAKDfVrZE5ezanuxyqVmdANVCLJ73swCfTPXv 5sqmuZRai9vd3nsfNqQskN8= =76iI -----END PGP SIGNATURE----- _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"