Message-ID: <3B19C6FC.9B74A1CF@pointer-software.com>
Date: Sun, 03 Jun 2001 14:11:24 +0900
From: horio shoichi
Organization: pointer software
To: freebsd-stable@FreeBSD.ORG
Subject: Re: Malformed from address
References: <000001c0eba9$4f34e1c0$271978d8@cts.com>

Morgan Davis wrote:
>
> In looking at the lpd.c code (and netinet/in.h), the logic in lpd.c's
> test seems to be wrong (or is missing a !):
>
>     if (error || atoi(serv) >= IPPORT_RESERVED)
>         fatal(0, "Malformed from address");
>
> This would imply that any port at or above the IPPORT_RESERVED
> threshold is illegal, which (I think) is clearly wrong. Shouldn't it
> be < IPPORT_RESERVED? Or better still:
>
> --Morgan
>

RFC 1179 states:

    3.1 Message formats

    LPR is a a TCP-based protocol. The port on which a line printer
    daemon listens is 515. The source port must be in the range 721 to
    731, inclusive. A line printer daemon responds to commands send to

so the lpd.c implementation is politically correct.
(However, to be religiously correct, checking the source port number
precisely within the range is necessary. Interestingly, CultBSD only
checks if source port is 20.)

Since modifying the source ends up in a political (or religious) war,
avoid using lpd. Instead, consider moving to LPRng. It has the nice
feature of breaking the RFC, which means connections from ephemeral
ports are allowed, which in turn means lpr, lprm, and lpq do not
require setuid root.

In fact, a part of my LPRng-3.7.4 directory:

=2=troll/opt1/horio/HOT> ls -l /usr/local/lpr/bin
total 2996
drwxr-xr-x  2 root  wheel     512 Apr 11 06:17 ./
drwxr-xr-x  6 root  wheel     512 Apr 11 06:17 ../
lrwxr-xr-x  1 root  wheel       4 Apr 11 06:17 cancel@ -> lprm
lrwxr-xr-x  1 root  wheel       3 Apr 11 06:17 lp@ -> lpr
-rwxr-xr-x  1 root  wheel  365460 Apr 11 06:17 lpq*
-rwxr-xr-x  1 root  wheel  378388 Apr 11 06:17 lpr*
-rwxr-xr-x  1 root  wheel  363412 Apr 11 06:17 lprm*
-rwxr-xr-x  1 root  wheel  368884 Apr 11 06:17 lpstat*
=3=troll/opt1/horio/HOT> file /usr/local/lpr/bin/lp*
/usr/local/lpr/bin/lp: symbolic link to lpr
/usr/local/lpr/bin/lpq: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked, stripped
/usr/local/lpr/bin/lpr: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked, stripped
/usr/local/lpr/bin/lprm: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked, stripped
/usr/local/lpr/bin/lpstat: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked, stripped
=4=troll/opt1/horio/HOT>

HTH,
horio shoichi