From owner-freebsd-security  Thu Aug 30 15: 1:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40])
	by hub.freebsd.org (Postfix) with ESMTP id 402B137B403
	for <freebsd-security@FreeBSD.ORG>; Thu, 30 Aug 2001 15:01:25 -0700 (PDT)
	(envelope-from drosih@rpi.edu)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47])
	by mail.rpi.edu (8.11.3/8.11.3) with ESMTP id f7ULw2l143758;
	Thu, 30 Aug 2001 17:58:02 -0400
Mime-Version: 1.0
X-Sender: drosih@mail.rpi.edu
Message-Id: <p05101003b7b46478cf15@[128.113.24.47]>
In-Reply-To: <20010830142340.A15795@Odin.AC.HMC.Edu>
References: <20010830153246.K69164-100000@mail.wlcg.com>
 <p05101002b7b44cbd3f34@[128.113.24.47]>
 <20010830142340.A15795@Odin.AC.HMC.Edu>
Date: Thu, 30 Aug 2001 17:57:59 -0400
To: Brooks Davis <brooks@one-eyed-alien.net>
From: Garance A Drosihn <drosih@rpi.edu>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd
Cc: freebsd-security@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

At 2:23 PM -0700 8/30/01, Brooks Davis wrote:
>On Thu, Aug 30, 2001, Garance A Drosihn wrote:
>  > That would be a quick workaround to prevent any remote attacks.
>>  It of course means that you won't be accepting jobs from any remote
>>  hosts, even if they are listed in /etc/hosts.lpd .
>>
>>  Note, however, that '-p' is fairly recent [July 2000], so this
>>  workaround would not be available to any older releases.  I think
>>  that option first showed up in 4.1-RELEASE.
>
>I'd been meaning to ask, is there any good reason not to make the default
>lpd_flags value "-p", at least in 5.0?  After all, most machines are
>not print servers even if they do run lpd so they can print.

I want to add "-s" (secure) as a synonym for -p, to match -s in netbsd's
lpr (which predate's freebsd's -p by a few years!).  I think it would
make sense to have "-s" setup as the default flags for lpd, but I'll
let the people who have thought more about default-settings say exactly
how that should be implemented.

[actually, I almost think that lpd should default to "secure" operation,
and require someone to specify some startup flag if they DO want to
accept remote print jobs, but that is probably too dramatic of a change.
I also don't know how these flags would interact with the popular
alternatives to the standard lpr/lpd, such as lprNG...]

-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message