Date: Wed, 18 Aug 1999 15:37:51 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: Warner Losh <imp@village.org> Cc: David Scheidt <dscheidt@enteract.com>, Garance A Drosihn <drosih@rpi.edu>, Matthew Dillon <dillon@apollo.backplane.com>, hackers@FreeBSD.ORG Subject: Re: lpd security check for changed-file vs NFS Message-ID: <199908182237.PAA49807@apollo.backplane.com> References: <Pine.NEB.3.96.990818084611.33224A-100000@shell-2.enteract.com> <199908182233.QAA27771@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
:For the general case (eg the code checked into the system), the check
:needs to remain enabled. Anything else is insecure.
:
:Warner
I have to agree... whenever one starts discussing weird, esoteric
workarounds one inevitably introduces security holes. I really think
just disabling the -s option may be the best solution.
Garance: I recommend you actually check to see how big your printer spools
get. If they look reasonable then turning off -s is not going to hurt
anything. I expect that most users don't even know the option exists and
so don't use it anyway.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908182237.PAA49807>