Subject: Re: inetd.conf [firstname.lastname@example.org: CVS commit: basesrc]
To: None <email@example.com>
From: Herb Peyerl <firstname.lastname@example.org>
Date: 06/06/2000 08:26:37

Bill Sommerfeld <email@example.com> wrote:
> Leaving things turned on in inetd.conf by default is worse than what
> we have now from a security standpoint. Most security compromises
> I've seen come from unneeded services (e.g., break-ins through imapd on
> linux boxes which didn't have any reason to receive mail).

We ship with an empty root pw. I'm not sure how much less secure you can
get out of the box...

I think it's clear that users are expected to do _some_ configuration
when they open the box... If we ship with "INETD=no" and they want to
turn it on, then they should also configure it... Just like you have
to configure sendmail when you turn it on too.