> But about the other services? I'd perhaps like to use tcpserver for them too..
> and I've heard that others have had success with this. But I don't like the
> idea of a whole bunch of programs all configured with command line directives
> running in the background just for these rarely used services.

what exactly is a rarely used service? also, what's the problem with
programs running in the background? if they're so rarely used, they'll be
the first things paged out of memory if your system needs it.

> Why doesn't somebody patch tcpserver so that one daemon can handle multiple
> services and read the configuration all out of one file. That would be really
> neat, IMO.

there's already a program written just like that, it's called "inetd." as
was mentioned in a previous exchange, one of the problems of inetd is that
you can't limit each service's resources separately. programs such as
xinetd or some enhanced inetd might support this, but tcpserver has an
advantage in that each service is compartmented and running by itself.

> Also, when you tcpserver devotees start railing about how the system can be
> attacked with inetd, it rings hollow to me because an attacker could use any
> service to attack, right? So if I have inetd in my system I'm vulnerable
> whether I used it for qmail or not. Wouldn't it be cooler if you could show the
> user how to easily replace inetd with tcpserver altogether?

why DO you have inetd in your system? there's only one or two things i can
think of that people leave inetd on for: telnet, ftp, finger maybe. unless
you really really need telnet, you'd be better off with ssh. finger is so
widely disabled that i don't even bother with it anymore. that leaves only
ftp to run from inetd. every other major service (http, smtp, etc) has its
own service control program.
replacing each service with tcpserver is pretty straightforward. figure
out who the service needs to run as, how many concurrent connections you'll
allow, and rtfm for tcpserver. shouldn't take more than a few minutes.
note that you probably won't be able to run certain things like
named/apache/sshd from tcpserver, but each of those has similar
functionality built in and can be limited similarly to tcpserver.
shag
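
The conversion described in the message above (pick the user, pick a connection limit, hand the program to tcpserver), as an added example that is not part of the original message: a shell function that turns one inetd.conf entry into a tcpserver command line. The function names, the default limit of 10 and the sample entries are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: translate one inetd.conf entry into a tcpserver command line.
# Entries tcpserver cannot serve are reported as "skip: ..." with status 1.

skip() { printf 'skip: %s\n' "$*"; return 1; }

# usage: inetd_to_tcpserver 'INETD.CONF LINE' [MAXCONN]   (hypothetical helper)
inetd_to_tcpserver() {
    maxconn=${2:-10}    # assumed default for the per-service cap (tcpserver -c)
    # fields: service socktype proto wait user program argv0 [args...]
    set -f; set -- $1; set +f    # split on whitespace without globbing
    case "${1:-}" in ''|'#'*) skip "blank or comment" || return 1 ;; esac
    [ $# -ge 6 ] || skip "$1: too few fields" || return 1
    svc=$1 socktype=$2 proto=$3 wait=$4 user=$5 prog=$6
    shift 6
    if [ $# -gt 0 ]; then shift; fi    # drop argv[0]; tcpserver execs prog by name
    args=$*

    [ "$socktype" = stream ] && [ "$proto" = tcp ] ||
        skip "$svc: tcpserver only listens on TCP" || return 1
    [ "$wait" = nowait ] ||
        skip "$svc: 'wait' servers accept connections themselves" || return 1
    [ "$prog" != internal ] ||
        skip "$svc: inetd built-in, no program to run" || return 1
    case "$user" in *[.:]*)
        skip "$svc: explicit group in '$user', set -u/-g by hand" || return 1 ;;
    esac

    ids=
    if [ "$user" != root ]; then
        # tcpserver -u/-g take numeric ids; resolve them when the script runs
        ids=" -u \"\$(id -u $user)\" -g \"\$(id -g $user)\""
    fi
    # host 0 = all local addresses; port given as the /etc/services name
    printf '%s\n' "exec tcpserver -v -c $maxconn$ids 0 $svc $prog${args:+ $args}"
}

# Constructed sample entries, not taken from the message above.
while IFS= read -r entry; do
    inetd_to_tcpserver "$entry" 20 || true
done <<'EOF'
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd     in.ftpd -l
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
talk    dgram   udp  wait    root    /usr/sbin/in.talkd    in.talkd
EOF
```

Each printed `exec tcpserver ...` line is meant to be the last line of that service's own start script, so every service keeps a separate process and a separate connection limit.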