Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd

From: Brooks Davis (brooks@one-eyed-alien.net)
Date: 08/31/01

Next message: Kris Kennaway: "Re: Security update packages don't recognized patched 4.3-RELEASE"
Previous message: Kris Kennaway: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
In reply to: Kris Kennaway: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
Next in thread: Garance A Drosihn: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 30 Aug 2001 18:50:45 -0700
From: Brooks Davis <brooks@one-eyed-alien.net>
To: Kris Kennaway <kris@obsecurity.org>

On Thu, Aug 30, 2001 at 06:45:33PM -0700, Kris Kennaway wrote:
> On Thu, Aug 30, 2001 at 05:57:59PM -0400, Garance A Drosihn wrote:
>
> > [actually, I almost think that lpd should default to "secure" operation,
> > and require someone to specify some startup flag if they DO want to
> > accept remote print jobs, but that is probably too dramatic of a change.
> > I also don't know how these flags would interact with the popular
> > alternatives to the standard lpr/lpd, such as lprNG...]
>
> I think that would be a reasonable thing to do at least in 5.0.

I agree, maybe what we should do is change lpd_flags to -p or -s or what
ever for 4.5-RELEASE (it's too late for 4.4 IMO). That would be better
for over all security, but wouldn't change lpd's options, just what we
pass to it by default. Then for 5.0 we fix lpd to have the sane default
and require a new flag to bind a port.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

application/pgp-signature attachment: stored

Next message: Kris Kennaway: "Re: Security update packages don't recognized patched 4.3-RELEASE"
Previous message: Kris Kennaway: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
In reply to: Kris Kennaway: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
Next in thread: Garance A Drosihn: "Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: CreateFile() and FILE_FLAG_WRITE_THROUGH
... BUT this will not work UNLESS you specify the ... FILE_FLAG_NO_BUFFERING flag, ... I have now proved to myself that file metadata is not written ... disk structure to be consistent, this incurs a cost and that's why the ...
(microsoft.public.win32.programmer.kernel)
Re: Creating a self deleting executable using .NET
... FILE_SHARE_DELETE flag set. ... If this is not the case then the second process ... If you open a filestream it's easy to specify the FILE_SHARE_READ + ... It seems to me you want (in addition to other sharing flags that may be ...
(microsoft.public.dotnet.languages.csharp)
Re: Letting a user select a color for a control
... CC_FULLOPEN flag instead of the CC_SOLIDCOLOR flag in order to do this. ... is there any way to specify where on the screen the Color Dialog ... > specify an initial color selection. ... >> something before calling aDialogColor. ...
(microsoft.public.access.modulesdaovba)
Re: reply-to
... but the reply to address appends the servers ... I've figured out that it deals with a sender envelope issue, ... It may be that if you specify the -f option, ... The -r flag is described as an alternate and obsolete form of the ...
(comp.lang.php)
Re: Problem with fopen, linux, and RS-232, possibly
... Are those pins you specified the DCD signal? ... you may want the O_NOCTTY flag to be present. ... Try writing the program using openinstead, and specify the exact ... may be unaware of its "readiness", then any opencall may not block. ...
(comp.lang.c)