Date: Thu, 30 Aug 2001 18:50:45 -0700 From: Brooks Davis <brooks@one-eyed-alien.net> To: Kris Kennaway <kris@obsecurity.org> Cc: Garance A Drosihn <drosih@rpi.edu>, freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd Message-ID: <20010830185045.A12765@Odin.AC.HMC.Edu> In-Reply-To: <20010830184533.C27546@xor.obsecurity.org>; from kris@obsecurity.org on Thu, Aug 30, 2001 at 06:45:33PM -0700 References: <20010830153246.K69164-100000@mail.wlcg.com> <p05101002b7b44cbd3f34@[128.113.24.47]> <20010830142340.A15795@Odin.AC.HMC.Edu> <p05101003b7b46478cf15@[128.113.24.47]> <20010830184533.C27546@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--RnlQjJ0d97Da+TV1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 30, 2001 at 06:45:33PM -0700, Kris Kennaway wrote: > On Thu, Aug 30, 2001 at 05:57:59PM -0400, Garance A Drosihn wrote: >=20 > > [actually, I almost think that lpd should default to "secure" operation, > > and require someone to specify some startup flag if they DO want to > > accept remote print jobs, but that is probably too dramatic of a change. > > I also don't know how these flags would interact with the popular > > alternatives to the standard lpr/lpd, such as lprNG...] >=20 > I think that would be a reasonable thing to do at least in 5.0. I agree, maybe what we should do is change lpd_flags to -p or -s or what ever for 4.5-RELEASE (it's too late for 4.4 IMO). That would be better for over all security, but wouldn't change lpd's options, just what we pass to it by default. Then for 5.0 we fix lpd to have the sane default and require a new flag to bind a port. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --RnlQjJ0d97Da+TV1 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7ju11XY6L6fI4GtQRAgZ5AKCMwt8895/vSC35p7VlGYb7vTrCoACeOB/p P2SPqnwXeFsZmgJCrALt1rA= =VGN1 -----END PGP SIGNATURE----- --RnlQjJ0d97Da+TV1-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010830185045.A12765>