Re: [nottingham] Fw: [ISN] Compendium of *nix lpd vulnerabilities

From: Jon Masters (jonathan@jonmasters.org)
Date: Fri 09 Nov 2001 - 09:24:40 GMT


On Fri, 9 Nov 2001, Robert Davies wrote:

> On Thursday 08 November 2001 22:32, you wrote <arrrghh!!! who wrote! :P>
> > I stopped using lpr long ago 'coz of all the security 'sploits in it. There
> > are better alternatives out there - CUPS for one.
>
> And what makes you think CUPS doesn't have them too?

Precisely. Nobody can say there aren't just the same problems in other
print server software.

> I basically agree about CUPS being an improvement, basically though because
> of IPP support, and the ease of admin improvements. Just trying to avoid
> complacency, and make the point, that CUPS needs a track record to prove more
> secure than current lpd code.

IMO, the most important point to make is that of privileges. If you
carefully set these things up as a dedicated (non-root) user then there's
a lot less damage these exploits can do :) Further, if you apply kernel
security patches to completely disable an executable stack then buffer
overflows and so forth are not going to happen so easily...in short,
there's a lot you can do to safeguard what happens *when* new
vulnerabilities are discovered in your favourite software without having
to modify the software itself at all.

--jcm


This archive was generated by hypermail 2.1.3 : Thu 22 Nov 2001 - 13:19:28 GMT