On Thu, May 09, 2013 at 10:22:11PM -0500, Yaron wrote:
> inetd/xinetd are... or at least USED to be what started up, well,
> internet services. The idea was that you didn't have individual
> programs listening on specific ports - you just had inetd running.
> It'd listen on specified ports and when an incoming connection was
> made, it'd route it to the correct program.
> 
> For example, if there was a connection on port 79, it would throw it
> to finger. Port 23 would get thrown to telnet, 20/21 would go to
> ftp, etc.
> 
> On secure systems it is common practice to disable inetd/xinetd...
> and frankly I'm pretty sure it's dead by default on most modern
> systems. It's basically a very outdated method of listening for
> incoming connections.

Why is it outdated?

>                        Nowadays most programs/protocols just run
> their own daemons. inetd is both a security risk

Not necessarily; with the proper SELinux domain enforcement it can be
as secure as starting daemons from init.

>                                                  and no longer
> needed because we have plenty of memory/other resources.

We might have that, once the system gets to steady state.  But, why
should I wait for init to spawn all those services, when I want to get
first to the desktop?  Or to some other service that is critical, and
I just rebooted the machine for an update.

What goes around, comes around.  Behold, systemd!

Cheers,
florin

-- 
Sent from my other microwave oven.
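
The dispatch model discussed in this thread, as an added example that is not part of the original message: a minimal inetd-style loop in Python that owns the listening sockets and starts a handler process only when a client connects, the same on-demand start-up that systemd socket activation provides. The two handler commands, the loopback ports and all function names are constructed for illustration; it assumes a POSIX system and Python 3.8 or later.

```python
import selectors, socket, subprocess, sys, threading

def serve(table, stop, spawned):
    """inetd-style loop: table maps a listening socket to its handler's argv.
    No handler process exists until a client connects to that port."""
    sel = selectors.DefaultSelector()
    for lsock, argv in table.items():
        sel.register(lsock, selectors.EVENT_READ, argv)
    while not stop.is_set():
        for key, _ in sel.select(timeout=0.2):
            conn, _peer = key.fileobj.accept()
            # One handler per connection; the connected socket becomes the
            # handler's stdin and stdout, so the handler needs no network code.
            spawned.append(subprocess.Popen(key.data, stdin=conn, stdout=conn))
            conn.close()  # the child keeps its own copy of the descriptor
    sel.close()

def ask(port, line):
    """Client side: send one line, read the reply until the handler exits."""
    with socket.create_connection(("127.0.0.1", port), timeout=10) as c:
        c.sendall(line)
        data = b""
        while chunk := c.recv(1024):
            data += chunk
    return data

def demo():
    py = [sys.executable, "-c"]  # hypothetical stand-ins for real service binaries
    # Two loopback listeners on OS-chosen free ports (constructed for the demo).
    upper, rev = (socket.create_server(("127.0.0.1", 0)) for _ in range(2))
    table = {
        upper: py + ["import sys; print(sys.stdin.readline().strip().upper())"],
        rev: py + ["import sys; print(sys.stdin.readline().strip()[::-1])"],
    }
    stop, spawned = threading.Event(), []
    worker = threading.Thread(target=serve, args=(table, stop, spawned))
    worker.start()
    idle = len(spawned)  # both ports are open, yet nothing has been started
    replies = [ask(s.getsockname()[1], b"hello\n") for s in (upper, rev)]
    stop.set()
    worker.join()
    for proc in spawned:
        proc.wait()
    for lsock in table:
        lsock.close()
    return idle, replies, len(spawned)

if __name__ == "__main__":
    print(demo())
```

The handlers here run with the privileges of the dispatching process; confining them per service is the job of the SELinux domains mentioned in the reply.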