NetBSD-Bugs archive
Re: bin/59493: Add insecure option to lpd
The following reply was made to PR bin/59493; it has been noted by GNATS.
From: mlelstv%serpens.de@localhost (Michael van Elst)
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: bin/59493: Add insecure option to lpd
Date: Mon, 30 Jun 2025 06:24:25 -0000 (UTC)
perseant%nbdev.hhhh.org@localhost writes:
> lpd(8) provides network access control using hosts_access(5) and
> requires reverse DNS to serve requests from the network. In a modern
> setting, host access is generally provided via host firewall, and
> in a small network setting, anonymous clients are common. The patch
> below provides a flag, -i, that disables the network security checks
> for cases where they do not make sense (e.g. home network, or
> a host that already uses npf(7) for access control).
While I agree that allowing clients without a DNS entry is necessary,
I don't like this "ignore everything" setting. In particular, it
bypasses tcp wrappers and the port check silently.
An option to only skip the hosts.lpd check is better. Enhancing
the check to also handle IP addresses and subnets (then you could
enable your subnet or even 0/0) is another.
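
The address-and-subnet matching suggested at the end of the message above, sketched as an added example; it is not part of the PR's patch or of lpd. The function name `entry_matches` and the entry syntax (`address` or `address/prefix`, written in full as inet_pton(3) accepts it, so `0.0.0.0/0` rather than `0/0`) are assumptions.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not lpd code: does the client address match one
 * allow-list entry written as "address" or "address/prefix-length"?
 * Returns 1 on match, 0 on no match, -1 if the entry is not a valid
 * address entry (e.g. a hostname, to be handled by the existing check). */
int
entry_matches(const char *entry, const char *client)
{
	unsigned char net[16], addr[16];
	char buf[INET6_ADDRSTRLEN + 5];
	char *slash, *end;
	int af, maxbits;
	long bits;

	if (strlen(entry) >= sizeof(buf))
		return -1;
	strcpy(buf, entry);
	if ((slash = strchr(buf, '/')) != NULL)
		*slash++ = '\0';

	af = strchr(buf, ':') != NULL ? AF_INET6 : AF_INET;
	maxbits = af == AF_INET6 ? 128 : 32;
	if (inet_pton(af, buf, net) != 1)
		return -1;
	bits = maxbits;		/* a bare address must match exactly */
	if (slash != NULL) {
		if (!isdigit((unsigned char)*slash))
			return -1;
		bits = strtol(slash, &end, 10);
		if (*end != '\0' || bits > maxbits)
			return -1;
	}
	/* A client of the other address family never matches. */
	if (inet_pton(af, client, addr) != 1)
		return 0;
	/* Compare whole bytes first, then the remaining high-order bits. */
	if (memcmp(net, addr, (size_t)(bits / 8)) != 0)
		return 0;
	if (bits % 8 != 0) {
		unsigned char mask = (unsigned char)(0xff << (8 - bits % 8));
		if ((net[bits / 8] & mask) != (addr[bits / 8] & mask))
			return 0;
	}
	return 1;
}
```

A prefix length of 0 matches every client of that address family, so an entry like `0.0.0.0/0` is an explicit, visible "allow all" in the configuration file rather than a silent bypass.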