Re: lpd security check for changed-file vs NFS

1999-08-18 Thread David Scheidt
On Tue, 17 Aug 1999, Garance A Drosihn wrote:
> At 6:37 PM -0700 8/17/99, Matthew Dillon wrote:
> > If you removed the stat test, I would simply get rid of the -s option entirely - require that all files be queued to the print spool.
> The administration would kill me. I would prefer

Re: lpd security check for changed-file vs NFS

1999-08-18 Thread Garance A Drosihn
At 8:48 AM -0500 8/18/99, David Scheidt wrote:
> On Tue, 17 Aug 1999, Garance A Drosihn wrote:
> > At 6:37 PM -0700 8/17/99, Matthew Dillon wrote:
> > > If you removed the stat test, I would simply get rid of the -s option entirely - require that all files be queued to the print spool.

Re: lpd security check for changed-file vs NFS

1999-08-18 Thread Warner Losh
In message [EMAIL PROTECTED] David Scheidt writes:
: Couldn't you turn it off only for NFS mounted files?
For the general case (eg the code checked into the system), the check needs to remain enabled. Anything else is insecure.
Warner

Re: lpd security check for changed-file vs NFS

1999-08-18 Thread Matthew Dillon
:For the general case (eg the code checked into the system), the check
:needs to remain enabled. Anything else is insecure.
:
:Warner
I have to agree... whenever one starts discussing weird, esoteric workarounds one inevitably introduces security holes. I really think just

Re: lpd security check for changed-file vs NFS

1999-08-18 Thread David Scheidt
On Wed, 18 Aug 1999, Matthew Dillon wrote:
> :For the general case (eg the code checked into the system), the check
> :needs to remain enabled. Anything else is insecure.
> :
> :Warner
Oh, absolutely. However, one of the reasons people use an operating system they have source to is to make it

Re: lpd security check for changed-file vs NFS

1999-08-18 Thread Warner Losh
In message pine.neb.3.96.990818084611.33224a-100...@shell-2.enteract.com David Scheidt writes:
: Couldn't you turn it off only for NFS mounted files?
For the general case (eg the code checked into the system), the check needs to remain enabled. Anything else is insecure.
Warner

Re: lpd security check for changed-file vs NFS

1999-08-18 Thread David Scheidt
On Wed, 18 Aug 1999, Matthew Dillon wrote:
> :For the general case (eg the code checked into the system), the check
> :needs to remain enabled. Anything else is insecure.
> :
> :Warner
Oh, absolutely. However, one of the reasons people use an operating system they have source to is to make it work

Re: lpd security check for changed-file vs NFS

1999-08-17 Thread Matthew Dillon
:lpr has the '-s' option that tells it to create a symlink to
:the file you want to print, instead of copying the file into
:...
:has not changed, if the standard st_dev+st_ino check is not
:going to work? Seems to me I should be checking something,
:instead of just ignoring the issue for NFS

lpd security check for changed-file vs NFS

1999-08-17 Thread Garance A Drosihn
lpr has the '-s' option that tells it to create a symlink to the file you want to print, instead of copying the file into the spool directory. As a security precaution, it does a 'stat' call on the file it links to, and saves away the device_id and file_number that it found. When lpd later goes

Re: lpd security check for changed-file vs NFS

1999-08-17 Thread Garance A Drosihn
At 6:37 PM -0700 8/17/99, Matthew Dillon wrote:
> If you removed the stat test, I would simply get rid of the -s option entirely - require that all files be queued to the print spool.
The administration would kill me. I would prefer to avoid that. (note that the check isn't completely