LPD: Summary, fury and more

From: Sanjeev B.S. (sanjeev@mbu.iisc.ernet.in)
Date: 10/11/01


Date: Thu, 11 Oct 2001 22:41:01 +0530 (IST)
From: "Sanjeev B.S." <sanjeev@mbu.iisc.ernet.in>
To: <focus-linux@securityfocus.com>
Subject: LPD: Summary, fury and more
Message-ID: <Pine.LNX.4.33.0110112222300.1024-100000@mbu.iisc.ernet.in>

Hello,
        I would like to summerise the responses I got for my earlier
question regarding vulnerability of lpd(LPRng), which finally meant
something like, 'Is it possible to make lpd accessible only from
console of Redhat 7.1?'. Here the responses are:

*************************************************************************

Having said that, you should look at the CUPS system, a drop in
replacement for lpd, which has a higher level of development ears
keeping an eye out for security holes.
- Michael Peddemors

there is an update for that on redhat's site it's at:
ftp://updates.redhat.com/7.1/en/os/i386/LPRng-3.7.4-23.i386.rpm to install
it use, rpm -Fvh LPRng-3.7.4-23.i386.rpm lpd will bind to port 515 tcp and
udp, even on the interface connected to the internet, however a firewall
setup of medium or high will prevent any access (use the lokkit program to
set that)
- dewt

Limit access to your printer via lpd.conf, there's some ways to restrict
hosts by subnet and ip-addresses. tcp-wrappers should be mandatory
nowadays.
- mfG

What about a protected stack and heap area? What
cracker is going to have the knowledge to know that you have a
protected section of memory? Even if they do, they will not take time
to trade someone 200 private codes to write something to bypass an
un-executanle stack or a protected heap.
- John

you can use tcp wrappers and restrict any deamon more like ip based ACL
run the key daemons in chroot mode adds layer of security
and if yu are onlinux try to put some patches to the kernel
like openwall and otehr stuff
- jaguar

*************************************************************************

        Having glanced and tried to understand a bit I fould something
really foul.

        I zeroied on LPRng (CUPS do not 'support', one has to rely of news
groups only). LPRng also has wonderful manual. What was disappointing for
me was there was only hostbased filtering and no console based. (Or did I
miss that?). Then by accident I discovered that PAM MIGHT allow me to do
that... While trying to understand how it works, there was a nasty
surprise. On Redhat 7.1, anyone can (even remote users), by default, halt
the machine! (I suspect even poweroff, shutdown and reboot have same
problems)

        I am trying to get out of PAM web... Is there any solution with
anyone? I am almost zero when it comes to PAM. Web was of no use to me :-(

Thanks a lot for the support till now... and also for any reply,

Wishing you a nice day,
-Sanjeev