Message-Id: <200007070305.e67351q73464@cwsys.cwsent.com>
From: Cy Schubert - ITSD Open Systems Group
To: Cy Schubert - ITSD Open Systems Group
Cc: papowell@astart.com, sheldonh@uunet.co.za, andrews@technologist.com, arch@FreeBSD.ORG, will@almanac.yi.org
Subject: Re: was: Bringing LPRng into FreeBSD?
In-reply-to: Your message of "Thu, 06 Jul 2000 19:46:53 PDT." <200007070247.e672l2R73279@cwsys.cwsent.com>
Date: Thu, 06 Jul 2000 20:04:55 -0700

Oops.  Looks like I was wrong.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

In message <200007070247.e672l2R73279@cwsys.cwsent.com>, Cy Schubert - ITSD
Open Systems Group writes:
> In message <200007060333.UAA23827@h4.private>, papowell@astart.com
> writes:
> > > From sheldonh@axl.ops.uunet.co.za Mon Jun 26 02:46:32 2000
> > > From: Sheldon Hearn
> > > To: arch@FreeBSD.ORG
> > > cc: papowell@astart.com
> > > Subject: Re: was: Bringing LPRng into FreeBSD?
> > > Date: Mon, 26 Jun 2000 11:46:23 +0200
> > >
> > >
> > > Could someone just enumerate the advantages of importing LPRng?  It
> > > seems to be a package which can be made to do everything FreeBSD's lpr
> > > can do, but it does not seem to be a superset of FreeBSD's lpr.  This
> > > means that there is a cost associated with bringing it in as a
> > > replacement.
> > >
> > > Are we sure that the cost is justified?  Is it so much better than the
> > > existing lpr that having it available as a port is "not enough"?
> > >
> > > I have no strong opinion one way or the other, but I do get the feeling
> > > that this thread has skipped an important issue, instead focusing on
> > > licensing.  This looks like a little cart before horse.
> >
> > I started the work on LPRng with one major goal in mind:  make it
> > secure when used in a Computer Science Laboratory.  For example,
> > LPRng does not need to run SETUID root unless compatibility with
> > vintage or legacy printing systems such is required.  The code is
> > extremely paranoid about all buffer sizes, string lengths, and so
> > forth, and goes to great lengths to check for various known hacker
> > attacks as well.  In addition, there are facilities to use
> > encryption and Kerberos based authentication to prevent abuse
> > of the printing system.
>
> An additional degree of security can be obtained by removing the setuid
> bit from Berkeley lpr and running it setgid "lpr".  One could even turn
> off the setgid bit and make the lpd spool directories world writable
> with the sticky bit turned on.  Of course this comes at the price of
> reduced functionality, e.g. lpr -r won't work any more.
>
> I'd suggest making lpr setgid "lpr" or running LPRng "secured" and
> providing instructions or a script for sysadmins to enable/disable the
> additional functionality by turning on/off the setuid bit.
>
> Posix.1e will go a long way to mitigate some of these issues and may
> make much of this moot.
>
>
> Regards,                       Phone:  (250)387-8437
> Cy Schubert                      Fax:  (250)387-5766
> Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
> Open Systems Group, ITSD, ISTA
> Province of BC
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-arch" in the body of the message
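
As an added example (not part of the original thread, and not FreeBSD's or LPRng's own tooling), here is a small POSIX shell audit of the three arrangements described in the quoted message: a setuid lpr, a setgid lpr with a restricted spool, and an unprivileged lpr with a sticky, world-writable spool. The function names and verdict strings are hypothetical, and the paths are whatever the caller passes in.

```shell
#!/bin/sh
# Added example: report which posture a print client binary and its spool
# directory are in. Paths are supplied by the caller; none are assumed.

# has_perm PATH OCTAL -> true if every bit in OCTAL is set on PATH
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# lpr_mode FILE -> setuid | setgid | plain
lpr_mode() {
    if has_perm "$1" 4000; then echo setuid
    elif has_perm "$1" 2000; then echo setgid
    else echo plain
    fi
}

# spool_mode DIR -> sticky-world-writable | world-writable-no-sticky | restricted
spool_mode() {
    if has_perm "$1" 1002; then echo sticky-world-writable
    elif has_perm "$1" 0002; then echo world-writable-no-sticky
    else echo restricted
    fi
}

# audit BIN SPOOL -> prints a verdict; returns 1 when something needs attention
audit() {
    bin=$(lpr_mode "$1")
    spool=$(spool_mode "$2")
    case "$bin/$spool" in
        */world-writable-no-sticky)
            echo "FAIL: $2 is world writable without the sticky bit"; return 1 ;;
        setuid/*)
            echo "WARN: $1 is setuid; full functionality, most privilege"; return 1 ;;
        setgid/restricted)
            echo "OK: $1 is setgid, $2 is not world writable" ;;
        plain/sticky-world-writable)
            echo "OK: $1 is unprivileged, $2 is sticky and world writable" ;;
        *)
            echo "REVIEW: $1 is $bin, $2 is $spool"; return 1 ;;
    esac
}
```

Call it as `audit /path/to/lpr /path/to/spool`; a non-zero exit status marks a combination that needs a closer look.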