Bug 18253 - lpd: listens on network by default
Summary: lpd: listens on network by default
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: LPRng   
(Show other bugs)
Version: 7.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tim Waugh
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-10-03 18:55 UTC by Chris Evans
Modified: 2008-05-01 15:37 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-01-10 10:21:25 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Chris Evans 2000-10-03 18:55:20 UTC
Greetings -

On a full default install of RH7.0 I find lpd listening on the network by
default.
There are various reasons why this is a bad idea.
See bug #17756 for one of them ;-)
Looking at the code
- It's not as careful as it could be
- I don't believe it has ever had a full security audit
- There are a large amount of code paths for malicious remote users to
explore (including possibly the kerberos libraries which is a concern)

Surely, running a local print queue, and listening on the network as a
print server, need to be decoupled.

Running a machine as a print server is a very specialised requirement. I
don't think we should inflict it upon workstation users simply wanting to
act as print clients.

In short, we need to carefully consider not listening on the network by
default. Discussion invited :)

Comment 1 Daniel Roesen 2000-10-03 18:59:31 UTC
I couldn't agree more :->

Comment 2 Crutcher Dunnavant 2000-10-04 18:46:02 UTC
With LPRng, they CANNOT be decoupled, as all client/server interaction
goes over the network. Though it might be posible to set acces rights,
but printtool does not know how to do this ATM. That said, I am in the process
of planning a print-configuration rewrite, and will look closely at this.

Comment 3 Chris Evans 2001-02-06 17:22:07 UTC
This seems to be resolved in BETA3, the public beta - excellent!



Note You need to log in before you can comment on or make changes to this bug.