On Wed, 18 Aug 1999, Matthew Dillon wrote:
> :For the general case (eg the code checked into the system), the check
> :needs to remain enabled. Anything else is insecure.
> :
> :Warner
Oh, absolutely. However, one of the reasons people use an operating system
they have source to is to make it w
:For the general case (eg the code checked into the system), the check
:needs to remain enabled. Anything else is insecure.
:
:Warner
I have to agree... whenever one starts discussing weird, esoteric
workarounds one inevitably introduces security holes. I really think
just disablin
In message
David Scheidt writes:
: Couldn't you turn it off only for NFS mounted files?
For the general case (eg the code checked into the system), the check
needs to remain enabled. Anything else is insecure.
Warner
To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe free
At 8:48 AM -0500 8/18/99, David Scheidt wrote:
On Tue, 17 Aug 1999, Garance A Drosihn wrote:
> At 6:37 PM -0700 8/17/99, Matthew Dillon wrote:
> >If you removed the stat test, I would simply get rid of the -s
> >option entirely - require that all files be queued to the print
> >spool
On Wed, 18 Aug 1999, Matthew Dillon wrote:
> :For the general case (eg the code checked into the system), the check
> :needs to remain enabled. Anything else is insecure.
> :
> :Warner
Oh, absolutely. However, one of the reasons people use an operating system
they have source to is to make it
:For the general case (eg the code checked into the system), the check
:needs to remain enabled. Anything else is insecure.
:
:Warner
I have to agree... whenever one starts discussing weird, esoteric
workarounds one inevitably introduces security holes. I really think
just disabli
In message <[EMAIL PROTECTED]> David
Scheidt writes:
: Couldn't you turn it off only for NFS mounted files?
For the general case (eg the code checked into the system), the check
needs to remain enabled. Anything else is insecure.
Warner
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "
At 8:48 AM -0500 8/18/99, David Scheidt wrote:
>On Tue, 17 Aug 1999, Garance A Drosihn wrote:
>
> > At 6:37 PM -0700 8/17/99, Matthew Dillon wrote:
> > >If you removed the stat test, I would simply get rid of the -s
> > >option entirely - require that all files be queued to the print
> > >
On Tue, 17 Aug 1999, Garance A Drosihn wrote:
> At 6:37 PM -0700 8/17/99, Matthew Dillon wrote:
> >If you removed the stat test, I would simply get rid of the -s
> >option entirely - require that all files be queued to the print
> >spool.
>
> The administration would kill me. I would
On Tue, 17 Aug 1999, Garance A Drosihn wrote:
> At 6:37 PM -0700 8/17/99, Matthew Dillon wrote:
> >If you removed the stat test, I would simply get rid of the -s
> >option entirely - require that all files be queued to the print
> >spool.
>
> The administration would kill me. I woul
At 6:37 PM -0700 8/17/99, Matthew Dillon wrote:
If you removed the stat test, I would simply get rid of the -s
option entirely - require that all files be queued to the print
spool.
The administration would kill me. I would prefer to avoid that.
(note that the check isn't completely
:lpr has the '-s' option that tells it to create a symlink to
:the file you want to print, instead of copying the file into
:...
:has not changed, if the standard st_dev+st_ino check is not
:going to work? Seems to me I should be checking something,
:instead of just ignoring the issue for NFS moun
lpr has the '-s' option that tells it to create a symlink to
the file you want to print, instead of copying the file into
the spool directory. As a security precaution, it does a
'stat' call on the file it links to, and saves away the
device_id and file_number that it found.
When lpd later goes
At 6:37 PM -0700 8/17/99, Matthew Dillon wrote:
>If you removed the stat test, I would simply get rid of the -s
>option entirely - require that all files be queued to the print
>spool.
The administration would kill me. I would prefer to avoid that.
(note that the check isn't complet
:lpr has the '-s' option that tells it to create a symlink to
:the file you want to print, instead of copying the file into
:...
:has not changed, if the standard st_dev+st_ino check is not
:going to work? Seems to me I should be checking something,
:instead of just ignoring the issue for NFS mou
lpr has the '-s' option that tells it to create a symlink to
the file you want to print, instead of copying the file into
the spool directory. As a security precaution, it does a
'stat' call on the file it links to, and saves away the
device_id and file_number that it found.
When lpd later goes
16 matches
Mail list logo
