From owner-freebsd-security Sat Jun 2 20:36:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rpi.edu (mail.rpi.edu [128.113.22.40])
	by hub.freebsd.org (Postfix) with ESMTP id 0528C37B423;
	Sat, 2 Jun 2001 20:36:23 -0700 (PDT)
	(envelope-from drosih@rpi.edu)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47])
	by mail.rpi.edu (8.11.3/8.11.3) with ESMTP id f533aHS51242;
	Sat, 2 Jun 2001 23:36:17 -0400
Mime-Version: 1.0
X-Sender: drosih@mail.rpi.edu
In-Reply-To: <153770000.991535023@vpn5.ece.cmu.edu>
References: <000801c0ebd3$932adae0$271978d8@cts.com>
	<153770000.991535023@vpn5.ece.cmu.edu>
Date: Sat, 2 Jun 2001 23:36:14 -0400
To: "Brandon S. Allbery KF8NH", Morgan Davis, "'Hajimu UMEMOTO'"
From: Garance A Drosihn
Subject: RE: Malformed from address
Cc: freebsd-stable@FreeBSD.org, security@FreeBSD.org, wollman@FreeBSD.org,
	freebsd-print@bostonradio.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 10:23 PM -0400 6/2/01, Brandon S. Allbery KF8NH wrote:
>On Saturday, June 02, 2001, Morgan Davis wrote:
>+-----
>| > printer client must bind source port to within IPPORT_RESERVED.
>|
>| "Yeah, right." -- Bill Gates :-)
>+--->8
>
>If you want to be pedantic, the source port is supposed to be
>between 729 and 739 IIRC.  Which is a ridiculous restriction
>that causes lpd to fall flat on its face when used with 50+
>printers and several hundred clients.

I don't understand this statement, but then I will have to admit
I am not an expert in network programming under Unix.  In any case,
we have about five print servers, which drive something like 200+
print queues, and those servers accept jobs from about 600 different
hosts.  I am not aware of lpd falling flat on its face here...in
fact it seems to work reasonably well.

Isn't this port range only going to be a limiting factor on the
SENDING machine?  In that case, the issue is not how many printers
you have, but how many different users on a single machine might
be printing to different remote-printers at the same time.  If that
is the issue, then I can believe that we (here at RPI) might just
happen to avoid the problem.

>(But as someone else noted, the test was in fact backwards and
>*rejected* reserved ports, so it should be at minimum fixed
>and at best removed or made configurable.)

When you catch up with the recent email, you'll see that the
check is correct.  It does not reject reserved ports, obviously,
as then it would have to reject jobs from other unix machines.

-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer               or  gad@freebsd.org
Rensselaer Polytechnic Institute        or  drosih@rpi.edu
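
The check debated in this message, as an added example that is not part of the original email and not lpd's own source: a server-side test that accepts a peer only when its source port is below IPPORT_RESERVED, beside the "backwards" form that would reject reserved ports. The function names are hypothetical, and the peers are constructed in place of what accept() or getpeername() would return.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: peer's source port in host byte order, -1 if unknown family. */
static int peer_port(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET)
        return ntohs(((const struct sockaddr_in *)sa)->sin_port);
    if (sa->sa_family == AF_INET6)
        return ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
    return -1;
}

/* The check as described in the thread: accept (1) only a reserved source port. */
int source_port_ok(const struct sockaddr *sa)
{
    int port = peer_port(sa);
    return port > 0 && port < IPPORT_RESERVED;
}

/* The "backwards" form: rejects reserved ports, so other Unix clients would be refused. */
int source_port_ok_backwards(const struct sockaddr *sa)
{
    return peer_port(sa) >= IPPORT_RESERVED;
}

/* Build a constructed peer address (assumption: stands in for a real connection). */
int check_peer(int family, unsigned short port, int backwards)
{
    struct sockaddr_storage ss;
    memset(&ss, 0, sizeof ss);
    ss.ss_family = family;
    if (family == AF_INET6)
        ((struct sockaddr_in6 *)&ss)->sin6_port = htons(port);
    else
        ((struct sockaddr_in *)&ss)->sin_port = htons(port); /* network byte order */
    const struct sockaddr *sa = (const struct sockaddr *)&ss;
    return backwards ? source_port_ok_backwards(sa) : source_port_ok(sa);
}

int main(void)
{
    printf("721:   ok=%d backwards=%d\n", check_peer(AF_INET, 721, 0), check_peer(AF_INET, 721, 1));
    printf("40000: ok=%d backwards=%d\n", check_peer(AF_INET, 40000, 0), check_peer(AF_INET, 40000, 1));
    return 0;
}
```

Omitting the ntohs() conversion makes the comparison byte-order dependent, so the same check can give different answers on little-endian and big-endian hosts.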