From owner-freebsd-security Thu Aug 30 13:17:20 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by hub.freebsd.org (Postfix) with ESMTP id 566F337B405 for ; Thu, 30 Aug 2001 13:17:15 -0700 (PDT) (envelope-from drosih@rpi.edu) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.11.3/8.11.3) with ESMTP id f7UKEUl138684; Thu, 30 Aug 2001 16:14:30 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20010830153246.K69164-100000@mail.wlcg.com> References: <20010830153246.K69164-100000@mail.wlcg.com> Date: Thu, 30 Aug 2001 16:14:28 -0400 To: Rob Simmons , From: Garance A Drosihn Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 3:33 PM -0400 8/30/01, Rob Simmons wrote: > >I'm assuming that running lpd with -p to prevent it from opening a >port is also safe? I didn't see that mentioned in the advisory. > >Robert Simmons >Systems Administrator That would be a quick workaround to prevent any remote attacks. It of course means that you won't be accepting jobs from any remote hosts, even if they are listed in /etc/hosts.lpd . Note, however, that '-p' is fairly recent [July 2000], so this workaround would not be available to any older releases. I think that option first showed up in 4.1-RELEASE. -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message