Anyone? And what are the ups and downs of using xinetd on slack?

I think that if you want to set up NFS at some point, then it is used for that, but aside from that, I think it really only applies if you are running a server. I write under correction however

But from a security point of view that I have read in CERT, xinetd makes security better than slack's default inetd. So, why just for servers?

Why, exactly, is xinetd 'more secure' than inetd?

I know that other distros use xinetd, but I would have to laugh at the concept that they are 'more secure' than a well-thought out Slackware server or desktop/laptop.

I think you need to take all claims with a grain of salt. inetd works, is stable, and foremost, does the job. I'm fairly sure there is a reason why Pat has decided to stick with inetd instead of xinetd. There might be other, hidden issues that makes xinetd not feasible for Slackware.

First and foremost, I do not know. This is exactly the reason why I posted this question. Second, although I did not assume that CERT is indeed the fountain of knowledge for all things security, I think there is a reason behind them promoting xinetd instead of just the default inetd.[HTML]http://www.cert.org/tech_tips/unix_security_checklist2.0.html[/HTML]

Indeed, which is why I am asking for everyone's opinion regarding the subject.

xinetd is a replacement for inetd that is more configurable. inetd is a fairly dangerous program because it has no built in protection from malicious attacks (e.g. tar-pitting, flooding, etc.). xinetd HAS built in configurable protections against such attacks.

inetd will happily take as many connections as an attacker will send until your box crashes, it will also happliy try and keep up with data-flooding attacks until your box crashes. Xinetd has configurations to limit these kinds of attacks.

And what are the ups and downs of using xinetd on slack?

The UPs are that it's safer than inetd. The DOWN is that you have to compile, install and configure it yourself. As of this writing, there's no package for S12 on linuxpackages.net.


I think that if you want to set up NFS at some point, then it is used for that, but aside from that, I think it really only applies if you are running a server.

No. Even if you don't run a 'server', if your box uses inetd for ANYTHING, xinetd will make your box more attack resiliant.


Why, exactly, is xinetd 'more secure' than inetd?

Xinetd has built in protection mechanisms against malicious flood-style attacks, inetd has none.


I know that other distros use xinetd, but I would have to laugh at the concept that they are 'more secure' than a well-thought out Slackware server or desktop/laptop.

They are probably less secure in most areas but, xinetd does offer you more protection.


...Pat has decided to stick with inetd instead of xinetd.

Pat is pretty much a wait and see kinda guy with Slackware. My guess is that he's waiting to see if xinetd is a fad or something.


Indeed, which is why I am asking for everyone's opinion regarding the subject.

Xinetd is a good idea to install. I recommend it.