Network Services
By default, all network services are disabled, which leaves remote attackers fewer opportunities. Enabling a network service (SSH, Personal Web Sharing, FTP and so on) grants some form of remote access to the system and should only be done where there is an explicit requirement for it. Tiger introduces a new framework for starting and controlling the system and its daemons, launchd. launchd incorporates the functionality of inetd, init, mach_init and SystemStarter and is intended to simplify daemon management on Mac OS X. In the current version (10.4), network services are controlled by either launchd or xinetd, depending on how the system was installed; xinetd itself is started by launchd.
If configuration files exist in the /etc/xinetd.d directory, xinetd is used to start those services. If they are absent, launchd starts the services itself, as configured in the /System/Library/LaunchDaemons directory. This produces inconsistencies between systems: a system upgraded from Panther will use xinetd to control network services, while a cleanly installed system will use launchd. Because launchd was designed as a general daemon management system, it does not offer as many security features for network services as xinetd does, such as IP-based access control and connection limiting. If these controls are required, either use launchd together with TCP wrappers or let xinetd handle the network services.
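As an added example (not code from the original guide), the following POSIX shell script applies the rule above to a constructed copy of the two directories: it reports whether xinetd or launchd is in charge of inetd-style services, and lists the network services that are enabled under each manager. The sample service files, labels and program paths are constructed stand-ins for illustration, not Tiger's shipped configuration.

```shell
#!/bin/sh
# Added example, not part of the original guide. Audits which network services
# a Mac OS X 10.4 host would start and which manager (xinetd or launchd) runs
# them. Constructed sample files stand in for /etc/xinetd.d and
# /System/Library/LaunchDaemons so the script runs on any system.

# Rule from the text: xinetd is used if /etc/xinetd.d holds any configuration
# files, otherwise launchd starts the services itself.
service_manager() {
    for f in "$1"/*; do
        if [ -f "$f" ]; then echo xinetd; return 0; fi
    done
    echo launchd
}

# Print one line per enabled service: "xinetd <name>" or "launchd <Label>".
list_enabled_services() {
    xinetd_dir=$1
    launchd_dir=$2

    # xinetd: a service file is active unless it carries "disable = yes".
    for f in "$xinetd_dir"/*; do
        [ -f "$f" ] || continue
        if ! grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f"; then
            echo "xinetd $(basename "$f")"
        fi
    done

    # launchd: only jobs with a Sockets dictionary listen on the network; such a
    # job is active unless <key>Disabled</key> is followed by <true/>.
    for f in "$launchd_dir"/*.plist; do
        [ -f "$f" ] || continue
        grep -q '<key>Sockets</key>' "$f" || continue
        disabled=$(awk '/<key>Disabled<\/key>/ { getline; if ($0 ~ /<true\/>/) print "yes" }' "$f")
        if [ "$disabled" != "yes" ]; then
            label=$(awk '/<key>Label<\/key>/ { getline; gsub(/.*<string>|<\/string>.*/, ""); print }' "$f")
            echo "launchd $label"
        fi
    done
}

# --- constructed sample tree (stands in for the real system directories) ---
DEMO=$(mktemp -d)
XINETD_DIR=$DEMO/xinetd.d
LAUNCHD_DIR=$DEMO/LaunchDaemons
EMPTY_DIR=$DEMO/empty.d
mkdir -p "$XINETD_DIR" "$LAUNCHD_DIR" "$EMPTY_DIR"

# xinetd service left enabled (constructed file, loosely modelled on Tiger's format)
cat > "$XINETD_DIR/ssh" <<'EOF'
service ssh
{
    disable     = no
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/sshd
    server_args = -i
}
EOF

# xinetd service that has been disabled
cat > "$XINETD_DIR/ftp" <<'EOF'
service ftp
{
    disable     = yes
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/libexec/ftpd
}
EOF

# launchd network job left enabled (constructed label and path)
cat > "$LAUNCHD_DIR/ssh.plist" <<'EOF'
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <false/>
    <key>Label</key>
    <string>com.openssh.sshd</string>
    <key>Program</key>
    <string>/usr/sbin/sshd</string>
    <key>Sockets</key>
    <dict><key>Listeners</key><dict><key>SockServiceName</key><string>ssh</string></dict></dict>
</dict>
</plist>
EOF

# launchd network job that has been disabled
cat > "$LAUNCHD_DIR/ftp.plist" <<'EOF'
<plist version="1.0">
<dict>
    <key>Disabled</key>
    <true/>
    <key>Label</key>
    <string>com.apple.ftpd</string>
    <key>Sockets</key>
    <dict><key>Listeners</key><dict><key>SockServiceName</key><string>ftp</string></dict></dict>
</dict>
</plist>
EOF

# launchd job with no Sockets key: not a network service, so it is skipped
cat > "$LAUNCHD_DIR/periodic.plist" <<'EOF'
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>example.periodic-daily</string>
    <key>Program</key>
    <string>/usr/sbin/periodic</string>
</dict>
</plist>
EOF

echo "manager: $(service_manager "$XINETD_DIR")"
list_enabled_services "$XINETD_DIR" "$LAUNCHD_DIR"
```

To run it against a real Tiger system, replace the constructed paths with /etc/xinetd.d and /System/Library/LaunchDaemons. The script only inspects the two locations the text names: a service can also be turned off through the `disabled` list in /etc/xinetd.conf, and a launchd job that is not marked Disabled may have been unloaded at runtime, so treat the output as a starting point for review rather than a final verdict.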