Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd

From: Kris Kennaway (kris@obsecurity.org)
Date: 08/30/01


Date: Thu, 30 Aug 2001 12:39:48 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Rob Simmons <rsimmons@wlcg.com>


On Thu, Aug 30, 2001 at 03:33:54PM -0400, Rob Simmons wrote:
> I'm assuming that running lpd with -p to prevent it from opening a port is
> also safe? I didn't see that mentioned in the advisory.

It would probably make it safe from being *remotely* exploited. Local
users who can submit jobs can still do it.

Kris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Relevant Pages

  • RE: Concepts: Security and Obscurity
    ... First I have to state an assumption of a single firewall in the cases mentioned as I fail to see why adding SPA to a dual layered authenticated system would be adding anything at all other than trouble with users. ... Subject: Concepts: Security and Obscurity ... You send me a SYN to a given port ... "If I take a letter, lock it in a safe, hide the safe somewhere in New ...
    (Security-Basics)
  • Re: Concepts: Security and Obscurity
    ... I send you an RST/ACK for that port ... An ACL saying traffic gets dropped or rejected to port X. So unless you have some revolutionary way to simply bypass firewall ACLs, you're basking in the darkness of futility here, my friend. ... so that you get 8*16 bits or 128 bits of security ... "If I take a letter, lock it in a safe, hide the safe somewhere in New ...
    (Security-Basics)
  • Re: More on garbage
    ... If we're talking about allowing port X inbound to host H, ... > program listening to port X on host H is safe. ... > you will make a mistake that damages security when using default deny. ...
    (sci.crypt)
  • Re: More on garbage
    ... If we're talking about allowing port X inbound to host H, ... program listening to port X on host H is safe. ... you will make a mistake that damages security when using default deny. ...
    (sci.crypt)
  • netstat makes a Firewall redundant?
    ... I see no output (other than 2 lines of 127.0.0 which is safe). ... Doing netstat regularly is ... If you want to close port 139, ... BTW, can someone list useful commands e.g. netstat, nbtstat, arp. ...
    (comp.security.firewalls)