Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd
From: Garance A Drosihn (drosih@rpi.edu)
Date: 08/30/01
- Next message: Allen Landsidel: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
- Previous message: Brooks Davis: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
- In reply to: Brooks Davis: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
- Next in thread: Kris Kennaway: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
- Reply: Kris Kennaway: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Aug 2001 17:57:59 -0400 To: Brooks Davis <brooks@one-eyed-alien.net> From: Garance A Drosihn <drosih@rpi.edu>
At 2:23 PM -0700 8/30/01, Brooks Davis wrote:
>On Thu, Aug 30, 2001, Garance A Drosihn wrote:
> > That would be a quick workaround to prevent any remote attacks.
>> It of course means that you won't be accepting jobs from any remote
>> hosts, even if they are listed in /etc/hosts.lpd .
>>
>> Note, however, that '-p' is fairly recent [July 2000], so this
>> workaround would not be available to any older releases. I think
>> that option first showed up in 4.1-RELEASE.
>
>I'd been meaning to ask, is there any good reason not to make the default
>lpd_flags value "-p", at least in 5.0? After all, most machines are
>not print servers even if they do run lpd so they can print.
I want to add "-s" (secure) as a synonym for -p, to match -s in netbsd's
lpr (which predate's freebsd's -p by a few years!). I think it would
make sense to have "-s" setup as the default flags for lpd, but I'll
let the people who have thought more about default-settings say exactly
how that should be implemented.
[actually, I almost think that lpd should default to "secure" operation,
and require someone to specify some startup flag if they DO want to
accept remote print jobs, but that is probably too dramatic of a change.
I also don't know how these flags would interact with the popular
alternatives to the standard lpr/lpd, such as lprNG...]
-- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Allen Landsidel: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
- Previous message: Brooks Davis: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
- In reply to: Brooks Davis: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
- Next in thread: Kris Kennaway: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
- Reply: Kris Kennaway: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
