Red Hat Bugzilla – Bug 18253
lpd: listens on network by default
Last modified: 2008-05-01 11:37:59 EDT
On a full default install of RH7.0 I find lpd listening on the network by
There are various reasons why this is a bad idea.
See bug #17756 for one of them ;-)
Looking at the code
- It's not as careful as it could be
- I don't believe it has ever had a full security audit
- There are a large amount of code paths for malicious remote users to
explore (including possibly the kerberos libraries which is a concern)
Surely, running a local print queue, and listening on the network as a
print server, need to be decoupled.
Running a machine as a print server is a very specialised requirement. I
don't think we should inflict it upon workstation users simply wanting to
act as print clients.
In short, we need to carefully consider not listening on the network by
default. Discussion invited :)
I couldn't agree more :->
With LPRng, they CANNOT be decoupled, as all client/server interaction
goes over the network. Though it might be posible to set acces rights,
but printtool does not know how to do this ATM. That said, I am in the process
of planning a print-configuration rewrite, and will look closely at this.
This seems to be resolved in BETA3, the public beta - excellent!