Bug 18760

Summary: patch: "no inet" flag for /usr/sbin/lpd
Product: Base System
Reporter: njh <njh>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: 3.4-RELEASE
Hardware: Any
OS: Any
Attachments:
Description  Flags
file.diff    none

Description njh 2000-05-22 23:00:00 UTC
The /usr/sbin/lpd daemon is required to run, as root, on any host
which has a printer. This daemon listens for local lpr/lpq/etc
requests on a UNIX domain socket, and for remote requests on port 515
(printer/tcp) on all available Internet interfaces.

I know of no security problems with the current lpd code, or the
libraries with which it links. However, in line with the general
principle that network services that aren't required ought not to be
offered to the world at large for potential abuse, it seems to me that
it would be desirable if hosts which have a local printer or printers
but which have no requirement to provide printer services to remote
clients could optionally disable the Internet listening feature.

Fix: Context diffs for lpd.c and lpd.8 follow.

They add a new command line flag to lpd, "-n", which prevents lpd from
opening any Internet sockets (local requests are still accepted via
the UNIX domain socket /var/run/printer).

They were generated relative to the 3.4-RELEASE sources - I don't have
a CURRENT source tree to hand, but I tested them as patches against
the 4.0-RELEASE sources and they apply cleanly, so I don't think that
I've been too far overtaken by developments.

Comment 1 Garrett Wollman freebsd_committer freebsd_triage 2000-05-23 16:28:30 UTC
State Changed
From-To: open->closed

Desired functionality is already implemented as the `-p' flag.
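
One way to confirm that a host with only local printers no longer offers the printer service on the network, as an added example that is not part of the original bug report: the script scans `netstat -an` output for sockets listening on port 515 (printer/tcp) and marks any that are not bound to loopback. The function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find TCP listeners on the printer port in `netstat -an` output.
PRINTER_PORT=515

# Reads netstat output on stdin; prints "<proto> <local-addr> <scope>" per listener.
find_printer_listeners() {
    awk -v port="$PRINTER_PORT" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            laddr = $4
            n = split(laddr, parts, ".")          # port is the last dot-separated field
            if (parts[n] != port) next
            host = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            scope = (host == "127.0.0.1" || host == "::1") ? "loopback" : "exposed"
            print $1, laddr, scope
        }'
}

# Exit status 0 if any printer-port listener is reachable from other hosts.
printer_port_exposed() {
    find_printer_listeners | grep -q ' exposed$'
}

# Constructed sample: lpd with its Internet listener open on all interfaces.
SAMPLE_DEFAULT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
tcp4       0      0  *.515              *.*                LISTEN
tcp4       0      0  *.22               *.*                LISTEN
udp4       0      0  *.514              *.*'

# Constructed sample: Internet listener disabled; only the UNIX domain socket
# remains, plus an outbound connection to a remote print server.
SAMPLE_LOCAL_ONLY='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
tcp4       0      0  *.22               *.*                LISTEN
tcp4       0      0  10.0.0.5.1023      10.0.0.9.515       ESTABLISHED
Active UNIX domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
c1a2b3c0 stream      0      0 c1d4e5f0        0        0        0 /var/run/printer'

# Stand-alone use: netstat -an | sh this-script.sh --check
if [ "${1:-}" = "--check" ]; then
    if printer_port_exposed; then
        echo "printer/tcp is listening on a non-loopback address"; exit 1
    fi
    echo "no exposed printer/tcp listener"
fi
```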