security risk of having a long list of services in inetd

From: "Paul Dufresne" <dufresnep@xxxxxxxxx>
Date: Fri, 29 Aug 2008 23:51:02 -0400

From: Paul Dufresne <dufresnep@xxxxxxxxx>

For myself, rkhunter give warning about inetd.
Looking to /etc/services, I found that Debian seems to like to have a
very big file with all known services rather than just add the
services needed. I don't even knows if other distributions does just
add the needed services.

That file is just a mapping of service names and ports, it has no relation
to services that are actually running.

Yes, I know. But as I see it, each mapping is like a *possible* door
to the Internet.
When there is so much, it become too hard to look at each door to see
if there is a program behind,
and if it does what it should.

Moreover I now see that /etc/hosts.allow and /etc/hosts.deny are empty
(well just comments), which means that it is open to everybody.

Taken from http://en.wikipedia.org/wiki/Inetd :
"the long list of services that inetd traditionally provided gave
computer security experts pause. The possibility of a service having
an exploitable flaw, or the service just being abused, had to be
considered. Unnecessary services were disabled and off by default
became the mantra. It is not uncommon to find an /etc/inetd.conf with
almost all the services commented out in a modern Unix distribution."

This begin to look like a discussion for developper list however.

--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx

Follow-Ups:
- Re: security risk of having a long list of services in inetd
  - From: Eduardo M KALINOWSKI
- Re: security risk of having a long list of services in inetd
  - From: Thomas Weinbrenner

Prev by Date: Re: iPod Nano
Next by Date: Can't Detach from a startup script
Previous by thread: re: LiloCan't Boot vmlinuz-2.6.26-1-amd64
Next by thread: Re: security risk of having a long list of services in inetd
Index(es):
- Date
- Thread

Relevant Pages

Re: security risk of having a long list of services in inetd
... I don't even knows if other distributions does just ... That file is just a mapping of service names and ports, ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
(Debian-User)
Re: When stability is pointless
... the distributions, despite the fact that the software I maintain is ... distributions need to figure out where to spend their staff time, ... Regarding documentation though, I guess the situation is easier in my ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
(Debian-User)
Re: Will Linux become as vulnerable as MS ??
... > Nils Petter Vaskinn wrote: ... >> So Linux as such won't be any more vulnerable, ... > And more distros that by default leave the door wide open. ... Reality is that we have been seeing most distributions _closing_ such ...
(comp.os.linux.security)
Re: [OT] top posting
... I'd tell you why that's not true but there's a bunch of mean ... looking guys at my door. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
(Debian-User)
Re: Good fdisk Practices
... I don't usually make the root filesystem an LVM volume, ... In most distributions it's quite small and making it a "normal" partition makes some recovery scenarios easier -- it's just one less thing that has to work for the system to boot into single user mode. ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". ...
(Debian-User)