Bug 16562 - tfpd started by default
Summary: tfpd started by default
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: tftp
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
: 16558 16559 16560 16561 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2000-08-19 04:24 UTC by Adrian Likins
Modified: 2014-03-17 02:15 UTC (History)
2 users (show)

Clone Of:
Last Closed: 2000-08-19 04:24:51 UTC

Attachments (Terms of Use)

Description Adrian Likins 2000-08-19 04:24:49 UTC
tfpd-server is part of the "network server" comp,
and when installed, it is started automatically
via xinetd. Especially considering that this
comp gets included in "web server" and "ftp server"
and "DNS name server", all of which increase the
likelyhood of a machine being attacked or DoS'ed
greatly. Having stuff like tfpd running is
not a good thing for this type of machine.

Comment 1 Jeff Johnson 2000-08-19 14:03:33 UTC
Feature: installing the package enables the service. Don't install if you don't
want. the service

Comment 2 Jeff Johnson 2000-08-19 14:04:12 UTC
*** Bug 16561 has been marked as a duplicate of this bug. ***

Comment 3 Jeff Johnson 2000-08-19 14:04:45 UTC
*** Bug 16560 has been marked as a duplicate of this bug. ***

Comment 4 Jeff Johnson 2000-08-19 14:05:21 UTC
*** Bug 16559 has been marked as a duplicate of this bug. ***

Comment 5 Jeff Johnson 2000-08-19 14:05:59 UTC
*** Bug 16558 has been marked as a duplicate of this bug. ***

Comment 6 Adrian Likins 2000-08-21 16:57:00 UTC
The comp "Network Server" should then be removed from
any standard comp. Starting most of the services in
the "Network Server" comp by default is a mistake
in almost all cases. I can't think of many cases
where someone needs tftp or fingerd running
where they wouldnt be able to figure out
how to start it manually.

With the current comps file, all of these
useless services get installed and started
with a default config with almost any network
related comp. This is going to cause problems.
I can count the number of people running
a "Web Server" who automatically wont tftpd
and talkd running on 0 hands. This is a
bad idea. 

I dont think the standard user, or the
power user or admin, is going to
expect the "Web Server" installation
option to startup a finger server or
a talk server. This is extremely unexpected

Suggestion: move finger, talk, tftp,rwall,
rusers,telnet, and ypserver to a "Misc Network
Services" comp and _DO NOT_ include them
in any of the Web/NFS/SMB/DNS/yp/News/etc
server comps. 

Note You need to log in before you can comment on or make changes to this bug.