Date: Thu, 30 Aug 2001 17:57:59 -0400 From: Garance A Drosihn <drosih@rpi.edu> To: Brooks Davis <brooks@one-eyed-alien.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd Message-ID: <p05101003b7b46478cf15@[128.113.24.47]> In-Reply-To: <20010830142340.A15795@Odin.AC.HMC.Edu> References: <20010830153246.K69164-100000@mail.wlcg.com> <p05101002b7b44cbd3f34@[128.113.24.47]> <20010830142340.A15795@Odin.AC.HMC.Edu>
next in thread | previous in thread | raw e-mail | index | archive | help
At 2:23 PM -0700 8/30/01, Brooks Davis wrote: >On Thu, Aug 30, 2001, Garance A Drosihn wrote: > > That would be a quick workaround to prevent any remote attacks. >> It of course means that you won't be accepting jobs from any remote >> hosts, even if they are listed in /etc/hosts.lpd . >> >> Note, however, that '-p' is fairly recent [July 2000], so this >> workaround would not be available to any older releases. I think >> that option first showed up in 4.1-RELEASE. > >I'd been meaning to ask, is there any good reason not to make the default >lpd_flags value "-p", at least in 5.0? After all, most machines are >not print servers even if they do run lpd so they can print. I want to add "-s" (secure) as a synonym for -p, to match -s in netbsd's lpr (which predate's freebsd's -p by a few years!). I think it would make sense to have "-s" setup as the default flags for lpd, but I'll let the people who have thought more about default-settings say exactly how that should be implemented. [actually, I almost think that lpd should default to "secure" operation, and require someone to specify some startup flag if they DO want to accept remote print jobs, but that is probably too dramatic of a change. I also don't know how these flags would interact with the popular alternatives to the standard lpr/lpd, such as lprNG...] -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p05101003b7b46478cf15>