From owner-freebsd-current  Sun Jul 16 17:15:11 2000
Delivered-To: freebsd-current@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 5B1FD37B644
	for <current@FreeBSD.ORG>; Sun, 16 Jul 2000 17:15:08 -0700 (PDT)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id UAA00415;
	Sun, 16 Jul 2000 20:15:05 -0400 (EDT)
	(envelope-from wollman)
Date: Sun, 16 Jul 2000 20:15:05 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200007170015.UAA00415@khavrinen.lcs.mit.edu>
To: Christopher Masto <chris@netmonger.net>
Cc: Garance A Drosihn <drosih@rpi.edu>,
	"Louis A. Mamakos" <louie@TransSys.COM>,
	Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, current@FreeBSD.ORG
Subject: Re: Request for comments: new `lpd' suite feature
In-Reply-To: <20000716164658.A25557@netmonger.net>
References: <200007142139.RAA88779@khavrinen.lcs.mit.edu>
	<v0421010db59547b0a7e1@[128.113.24.47]>
	<200007150409.AAA32685@whizzo.transsys.com>
	<v04210113b597aec12e89@[128.113.24.47]>
	<20000716164658.A25557@netmonger.net>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

<<On Sun, 16 Jul 2000 16:46:58 -0400, Christopher Masto <chris@netmonger.net> said:

> Huh?  Security through ignorance?

Remember that `lpr' is setuid-root and uses a ``privileged'' port for
its communications.  Many sites may still be using trusted-host
``authentication'' internally, and LPRng's ``feature'' may enable a
compromise of some such service.  (Got enough scare quotes there?)

-GAWollman



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message