From owner-freebsd-security  Thu Aug 30 14:57:15 2001
Delivered-To: freebsd-security@freebsd.org
Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75])
	by hub.freebsd.org (Postfix) with ESMTP id D045337B405
	for <freebsd-security@FreeBSD.ORG>; Thu, 30 Aug 2001 14:57:07 -0700 (PDT)
	(envelope-from brdavis@odin.ac.hmc.edu)
Received: (from brdavis@localhost)
	by odin.ac.hmc.edu (8.11.0/8.11.0) id f7ULNeS16066;
	Thu, 30 Aug 2001 14:23:40 -0700
Date: Thu, 30 Aug 2001 14:23:40 -0700
From: Brooks Davis <brooks@one-eyed-alien.net>
To: Garance A Drosihn <drosih@rpi.edu>
Cc: Rob Simmons <rsimmons@wlcg.com>, freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd
Message-ID: <20010830142340.A15795@Odin.AC.HMC.Edu>
References: <20010830153246.K69164-100000@mail.wlcg.com> <p05101002b7b44cbd3f34@[128.113.24.47]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="ikeVEW9yuYc//A+q"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <p05101002b7b44cbd3f34@[128.113.24.47]>; from drosih@rpi.edu on Thu, Aug 30, 2001 at 04:14:28PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--ikeVEW9yuYc//A+q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Aug 30, 2001 at 04:14:28PM -0400, Garance A Drosihn wrote:
> That would be a quick workaround to prevent any remote attacks.
> It of course means that you won't be accepting jobs from any remote
> hosts, even if they are listed in /etc/hosts.lpd .
>=20
> Note, however, that '-p' is fairly recent [July 2000], so this
> workaround would not be available to any older releases.  I think
> that option first showed up in 4.1-RELEASE.

I'd been meaning to ask, is there any good reason not to make the default
lpd_flags value "-p", at least in 5.0?  After all, most machines are
not print servers even if they do run lpd so they can print.

-- Brooks

--=20
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

--ikeVEW9yuYc//A+q
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7jq7bXY6L6fI4GtQRAvRnAKDjxP415BAFn5IxY1w+aKyi8iiwpgCeKvVc
thEuu108YR5JWx5/8FfBMKk=
=OAQk
-----END PGP SIGNATURE-----

--ikeVEW9yuYc//A+q--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message