This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 18253 - lpd: listens on network by default
lpd: listens on network by default
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: LPRng (Show other bugs)
7.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Waugh
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-10-03 14:55 EDT by Chris Evans
Modified: 2008-05-01 11:37 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-01-10 05:21:25 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chris Evans 2000-10-03 14:55:20 EDT
Greetings -

On a full default install of RH7.0 I find lpd listening on the network by
default.
There are various reasons why this is a bad idea.
See bug #17756 for one of them ;-)
Looking at the code
- It's not as careful as it could be
- I don't believe it has ever had a full security audit
- There are a large amount of code paths for malicious remote users to
explore (including possibly the kerberos libraries which is a concern)

Surely, running a local print queue, and listening on the network as a
print server, need to be decoupled.

Running a machine as a print server is a very specialised requirement. I
don't think we should inflict it upon workstation users simply wanting to
act as print clients.

In short, we need to carefully consider not listening on the network by
default. Discussion invited :)
Comment 1 Daniel Roesen 2000-10-03 14:59:31 EDT
I couldn't agree more :->
Comment 2 Crutcher Dunnavant 2000-10-04 14:46:02 EDT
With LPRng, they CANNOT be decoupled, as all client/server interaction
goes over the network. Though it might be posible to set acces rights,
but printtool does not know how to do this ATM. That said, I am in the process
of planning a print-configuration rewrite, and will look closely at this.
Comment 3 Chris Evans 2001-02-06 12:22:07 EST
This seems to be resolved in BETA3, the public beta - excellent!

Note You need to log in before you can comment on or make changes to this bug.