Bug 18253

Summary: lpd: listens on network by default
Product: [Retired] Red Hat Linux
Reporter: Chris Evans <chris>
Component: LPRng
Assignee: Tim Waugh <twaugh>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: 7.0
CC: dr, matthew
Keywords: Security
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2002-01-10 10:21:25 UTC

Description Chris Evans 2000-10-03 18:55:20 UTC
Greetings -

On a full default install of RH7.0 I find lpd listening on the network by
default.
There are various reasons why this is a bad idea.
See bug #17756 for one of them ;-)
Looking at the code
- It's not as careful as it could be
- I don't believe it has ever had a full security audit
- There are a large number of code paths for malicious remote users to
explore (including possibly the Kerberos libraries, which is a concern)

Surely, running a local print queue, and listening on the network as a
print server, need to be decoupled.

Running a machine as a print server is a very specialised requirement. I
don't think we should inflict it upon workstation users simply wanting to
act as print clients.

In short, we need to carefully consider not listening on the network by
default. Discussion invited :)
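
A way to check a host for the condition this report describes, added here as an example and not part of the original report: it reads the kernel's TCP socket table and reports any LISTEN socket on port 515 (the lpd printer service) that is bound to a non-loopback address. The function names and the sample table are constructed for illustration, and the address decoding assumes a little-endian host such as i386.

```python
import ipaddress
import struct

LPD_PORT = 515      # "printer" service used by lpd (RFC 1179)
TCP_LISTEN = "0A"   # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host):
# slot 0 is a wildcard listener on 515, slot 1 a loopback-only listener on 25,
# slot 2 an established connection on 515 (state 01), which is not a listener.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0203 00000000:0000 0A 00000000:00000000 00:00000000 00000000     4        0 1201 1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1315 1
   2: 0A01A8C0:0203 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000     4        0 1402 1
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (IPv4Address, port)."""
    addr_hex, port_hex = field.split(":")
    # The address is printed as a host-order 32-bit word; on a little-endian
    # host (assumed here) repacking it as "<I" yields network byte order.
    packed = struct.pack("<I", int(addr_hex, 16))
    return ipaddress.IPv4Address(packed), int(port_hex, 16)

def exposed_listeners(proc_net_tcp, port=LPD_PORT):
    """Return non-loopback local addresses with `port` in LISTEN state."""
    exposed = []
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        addr, local_port = decode_endpoint(fields[1])
        if local_port == port and not addr.is_loopback:
            exposed.append(str(addr))
    return exposed

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as table:     # IPv4 only; tcp6 not covered
            data = table.read()
    except OSError:
        data = SAMPLE                            # fall back to the constructed sample
    for address in exposed_listeners(data):
        print(f"port {LPD_PORT} is listening on {address}")
```

An address of 0.0.0.0 in the output means the daemon accepts connections on every interface, which is the default behaviour the report objects to.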

Comment 1 Daniel Roesen 2000-10-03 18:59:31 UTC
I couldn't agree more :->

Comment 2 Crutcher Dunnavant 2000-10-04 18:46:02 UTC
With LPRng, they CANNOT be decoupled, as all client/server interaction
goes over the network. Though it might be possible to set access rights,
but printtool does not know how to do this ATM. That said, I am in the process
of planning a print-configuration rewrite, and will look closely at this.

Comment 3 Chris Evans 2001-02-06 17:22:07 UTC
This seems to be resolved in BETA3, the public beta - excellent!