On Tue, 5 May 1998, Chris Evans wrote:

> 
> On Tue, 5 May 1998, Eric L. Green <[EMAIL PROTECTED]> wrote:
> 
> > Known problem. Check the errata to see if Red Hat's last security update
> > fixed it. (I doubt it, they only seem interested in security problems, not
> > in fixing the bugs that infest the lpd daemon in their distribution). 
> 
> Indeed. As the "discoverer" of the first lprm security hole, I was not
> impressed with the thoroughness with which the security issues present in
> the "lpr" package were addressed.

Not just security holes. Try this some time:
 
   lpr -c /etc/printcap

*BOOM* Red Hat printer daemon crashed. (If you're wondering why, go browse
through "printjob.c" and note what happens if you don't have a print
filter defined -- it tries to execve a NULL pointer!). 

Also note that this is FIXED in the *BSD lpd daemons. Red Hat doesn't have
to rewrite the lpd daemon -- all they need to do is go fetch the OpenBSD
one and they'll have a nice secure one. But...

Eric Lee Green   [EMAIL PROTECTED]          Executive Consultants
Systems Specialist               Educational Administration Solutions
Louisiana Residents: Important: See http://members.tripod.com/~latrails


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.
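
A defensive form of the filter launch described in the message above, as an added example that is not part of the original post and not code from printjob.c or any lpd. The names `run_filter` and `copy_fd` are hypothetical, and passing the job through unfiltered when no filter is configured is an assumed policy.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper, not taken from printjob.c: copy in_fd to out_fd.
 * Returns 0 on success, -1 on error. */
static int copy_fd(int in_fd, int out_fd)
{
    char buf[4096];
    ssize_t n;
    while ((n = read(in_fd, buf, sizeof buf)) != 0) {
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        for (ssize_t off = 0; off < n; ) {
            ssize_t w = write(out_fd, buf + off, (size_t)(n - off));
            if (w < 0) { if (errno == EINTR) continue; return -1; }
            off += w;
        }
    }
    return 0;
}

/* Run the job data through `filter`; with no filter configured (NULL or
 * empty path) pass the data through unchanged. Returns 0 or -1. */
int run_filter(const char *filter, int in_fd, int out_fd)
{
    if (filter == NULL || filter[0] == '\0')  /* never hand NULL to execve */
        return copy_fd(in_fd, out_fd);

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {                           /* child: becomes the filter */
        if (dup2(in_fd, STDIN_FILENO) < 0 || dup2(out_fd, STDOUT_FILENO) < 0)
            _exit(126);
        char *const argv[] = { (char *)filter, NULL };
        char *const envp[] = { "PATH=/bin:/usr/bin", NULL };
        execve(filter, argv, envp);
        _exit(127);                           /* exec failed: report, don't fall through */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}
```

The parent treats a failed exec or a non-zero filter exit as a job error and keeps running, so a missing or broken filter costs one job rather than the daemon.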
