Re: [bug-inetutils] some notes on inetutils-1.8

[melodramus]

On Wed, 18 Aug 2010 01:39:54 +0200
address@hidden wrote:

> > There is no harm in having inetd installed, likewise for the other
> > daemons.  They are for one not started (unless your OS does
> > something, which we cannot control anyway), and require root access
> > to run.  Some programs do get installed as SUID root, like ping
> > which require special access when creating ports, but that is it.
> 
> you don't see potential harm in unforeseen situations and in SUID
> root? are you only a developer or do you also admin a system. i mean,
> do you have some experience with administration? is the simple rule
> 'do not leave stuff on the system that isn't needed and potentially
> dangerous!' known to you? there is a simple reason for this rule.
> shit happens! possibly because of oneself. possibly through the
> browser. one never knows. is the firewall set correctly? are ports
> left open? things can be checked, but the one who can start a daemon
> on your system can possibly also open ports!

just an appendix from wikipedia:

Security concerns

While the inetd concept as a service dispatcher is not inherently
insecure, the long list of services that inetd traditionally provided
gave computer security experts pause. The possibility of a service
having an exploitable flaw, or the service just being abused, had to be
considered. Unnecessary services were disabled and "off by default"
became the mantra. It is not uncommon to find an /etc/inetd.conf with
almost all the services commented out in a modern Unix distribution.


best wishes,
MeloDramus <address@hidden>