Subject: HylaFAX security advisory and config changes
To: None <tech-pkg@netbsd.org>
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
List: tech-pkg
Date: 06/29/2002 13:42:34
Hi,
the freshly installed 'audit-packages' gives me a warning
<snip>
Running /etc/security.local:
Package hylafax-4.1nb3 has a local-root-shell vulnerability, see
http://www.securityfocus.com/archive/1/176716
</snip>
which is obsolete since the changes that
http://online.securityfocus.com/archive/1/176716
http://online.securityfocus.com/archive/1/175963
http://www.hylafax.org/patches/hfaxd-vulnerability.patch
refer to are present in the current package. Can somebody please update the
list of vulnerabilities accordingly?
And while I'm at it:
1) I'd prefer to see HylaFAX run under its own userid instead of 'uucp'. On
machines that actually run UUCP (like mine) two sets of daemons with
different work sets are running under the same uid just because they
(potentially) share a tty.
2) The comms/hylafax package currently runs the hfaxd daemon standalone.
Small sites that send five faxes a day may be better off with running hfaxd
from inetd. After the following change, rc.d/hylafax does not start hfaxd
if an entry for it is present in /etc/inetd.conf:
<snip>
--- rc.d/hylafax Sun Jun 23 22:58:48 2002
+++ /usr/pkg/etc/rc.d/hylafax Wed Jun 26 22:21:34 2002
@@ -10,9 +10,12 @@
case ${command} in
start)
if [ -x /usr/pkg/libexec/hfaxd -a -f /var/spool/hylafax/etc/config
] ; then
- echo -n 'Starting hfaxd'
- /usr/pkg/libexec/hfaxd -i 4559 -o 4557 -s 444
-
+ echo -n 'Starting'
+ # start hfaxd standalone if not run by inetd
+ if `egrep '^[^#]+hfaxd.+$' /etc/inetd.conf >/dev/null 2>&1`; then
+ echo -n ' hfaxd'
+ /usr/pkg/libexec/hfaxd -i 4559 -o 4557 -s 444
+ fi
echo ' faxq.'
/usr/pkg/sbin/faxq
fi
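Review bot: the test on the added `if` line is inverted relative to the comment above it ("start hfaxd standalone if not run by inetd"). The backquoted egrep writes nothing to stdout, so `if` sees only its exit status, which is 0 when an uncommented hfaxd line exists in /etc/inetd.conf. As written, hfaxd is started standalone exactly when inetd is also configured to run it, and is not started at all when there is no entry or the file is missing. Drop the backquotes and negate the test: `if ! egrep '^[^#]+hfaxd.+$' /etc/inetd.conf >/dev/null 2>&1; then`. With that form a missing or unreadable inetd.conf falls through to the standalone start, which matches the previous behaviour.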
</snip>
hauke
--
/~\ The ASCII Ribbon Campaign "They that can give up essential liberty
\ / No HTML/RTF in email to obtain a little temporary safety
X No Word docs in email deserve neither liberty nor safety."
/ \ Respect for open standards -- Benjamin Franklin, 1759