From owner-freebsd-security Sat Nov 2 10:35:06 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA10682 for security-outgoing; Sat, 2 Nov 1996 10:35:06 -0800 (PST)
Received: from cwsys.cwent.com (cschuber.net.gov.bc.ca [142.31.240.113]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA10660 for ; Sat, 2 Nov 1996 10:35:00 -0800 (PST)
Received: from cwsys (1000@localhost [127.0.0.1]) by cwsys.cwent.com (8.8.2/8.6.10) with ESMTP id KAA00905; Sat, 2 Nov 1996 10:33:13 -0800 (PST)
Message-Id: <199611021833.KAA00905@cwsys.cwent.com>
Reply-to: cschuber@uumail.gov.bc.ca
X-Mailer: Xmh
To: Warner Losh
cc: Marc Slemko , security@freebsd.org
Subject: Re: Vadim Kolontsov: BoS: Linux & BSD's lpr exploit
In-reply-to: Your message of "Fri, 25 Oct 1996 18:16:59 MDT."
Date: Sat, 02 Nov 1996 10:33:07 -0800
From: Cy Schubert
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> In message
> Marc Slemko writes:
> : I would also suggest that perhaps it is even worth scrapping lpr entirely.
> : There are numerous other security changes in the OpenBSD source tree, and
> : even then I would bet there are still other problems with the code.
>
> Yes. There are a boatload. And a bunch more just went in today.
> Many of them are very defensive programming, and seem to be somewhat
> sane. I'm not sure how many of them should have some kind of warning
> generated when they are triggered. It all depends on how paranoid you
> are :-). I don't have a good answer for that. At the very least
> OpenBSD will be much less likely to be breached, which is likely the
> most important thing.

Sorry for the lateness of this reply. I've been spending the morning
catching up on the various mailing lists I subscribe to.

How about an LPRng port? Then it would be up to each individual sysadmin
whether to use a possibly more secure non-BSD print subsystem or the
existing insecure print subsystem.

The port could disable the BSD LPR/LPD by filing off the s and x bits. If
the sysadmin opts to pkg_delete the LPRng package, the BSD print subsystem
would be re-enabled.

Regards,                       Phone:  (604)389-3827
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
ITSD                        Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

                "Quit spooling around, JES do it."