From owner-freebsd-security Fri Aug 31 8:44:12 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40]) by hub.freebsd.org (Postfix) with ESMTP id F1E8337B407 for ; Fri, 31 Aug 2001 08:44:08 -0700 (PDT) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.11.3/8.11.3) with ESMTP id f7VFhsU132714; Fri, 31 Aug 2001 11:43:54 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20010830184533.C27546@xor.obsecurity.org> References: <20010830153246.K69164-100000@mail.wlcg.com> <20010830142340.A15795@Odin.AC.HMC.Edu> <20010830184533.C27546@xor.obsecurity.org> Date: Fri, 31 Aug 2001 11:43:52 -0400 To: Kris Kennaway From: Garance A Drosihn Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:58.lpd Cc: Brooks Davis , freebsd-security@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 6:45 PM -0700 8/30/01, Kris Kennaway wrote: >On Thu, Aug 30, 2001, Garance A Drosihn wrote: > >> [actually, I almost think that lpd should default to "secure" > > operation, and require someone to specify some startup flag if > > they DO want to accept remote print jobs, but that is probably > > too dramatic of a change. I also don't know how these flags > > would interact with the popular alternatives to the standard > > lpr/lpd, such as lprNG...] > >I think that would be a reasonable thing to do at least in 5.0. Hmm. Well, let me think about it a bit more, and see if any other alternatives come to mind. -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message