From owner-freebsd-security Tue Nov 17 10:19:23 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA18504 for freebsd-security-outgoing; Tue, 17 Nov 1998 10:19:23 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA18485 for ; Tue, 17 Nov 1998 10:19:17 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id NAA26453; Tue, 17 Nov 1998 13:18:27 -0500 (EST) (envelope-from wollman) Date: Tue, 17 Nov 1998 13:18:27 -0500 (EST) From: Garrett Wollman Message-Id: <199811171818.NAA26453@khavrinen.lcs.mit.edu> To: Garance A Drosihn Cc: Matthew Dillon , freebsd-security@FreeBSD.ORG Subject: Re: making 'lpd' under FreeBSD more secure In-Reply-To: References: <199811162114.PAA06569@s07.sa.fedex.com> <199811170527.VAA23429@apollo.backplane.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > I think lpd needs root access for more than just binding to the > port, although I haven't looked at the code yet to remember why > I think that... Still, someone recently went thru the other I was working on a rewrite of lpd at the beginning of the year which unfortunately got stalled. It's possible to have an lpd which runs unprivileged if you give up on hosts.lpd ``authentication'' and are willing to abandon a few other features. Much more useful, in my view, would be work to make lpr run unprivileged -- which is fairly easy to do, conceptually, but hard in practice. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message