[TAG] (forw) Re: (forw) Re: lpr works for user not root in Basiclinux 2.1
keesan at grex.cyberspace.org
Fri Jan 26 21:18:56 MSK 2007
On Fri, 26 Jan 2007, Benjamin A. Okopnik wrote:
> On Fri, Jan 26, 2007 at 02:09:35AM -0800, Sindi Keesan wrote:
>> I don't even know what a network socket is.
> That's pretty much my point. The majority of those who run their
> machines as root literally have _no_ idea of how exposed and vulnerable
> they are.
> Sockets and ports are methods by which local and remote clients can
> connect to your machine. Try running 'netstat'; this will show you a
> list of your currently-open sockets and ports.
bash: netstat: command not found
You are making too many assumptions about my linux ;=)
>> Nobody in their right mind
>> would want my system. The software is 8 years out of date (the hardware
>> is older than that) and the connection is dialup. Should I be worried
> See my earlier point about resources. There are Russian and Polish
> companies (and probably lots of others, but those seem to be at the
> forefront) who will sell you their spam-distribution services and boast
> of "thousands of 'captured' machines" that they use for the purpose.
> It's a popular dodge for spammers these days, since it essentially
> counters IP blocking.
I thought they went after broadband. And Windows. How exactly would they
attack a linux machine using dialup internet, without me noticing?
I do most of my browsing and emailing via a shell account to which I ssh
as root. Am I still vulnerable to attack?
>>> Also, I'd like to point out that the Unix world was ecstatic about the
>>> rise of CUPS specifically because it allowed us to finally get rid of
>>> lpd / lprNG, which was hopeless spaghetti code, derived from ancient BSD
>>> efforts among nameless student coders at University of California at
>>> Berkeley. One of the worst of the many bad aspects of lpd / lprNG is
>>> that its security profile and history were and are utterly dreadful.
>> Do I need security to print on my own single-user system?
> I don't know how to emphasize this enough, but given that a very large
> percentage of system break-ins in the past occurred via 'lpr/lprng', the
> answer is a very definite "YES".
I had not been using lpr until now and now have a script to print with
using gs directly, tested in Opera and xpdf.
>> The people we are giving 200MHz computers to don't have networks. But
>> they do need to print formatted papers for school, and webpages.
>> I don't think I need CUPS.
> Given the above, why are you using a print server/scheduler at all? I
> ran my system with nothing more than 'magicfilter' and a script to send
> it to the appropriate filter for a couple of years when I was in a
> similar situation, and it worked fine.
I don't know what magicfilter is, but I have a script that will let me
print from within X programs now, and don't even need a filter. A few
years ago people using our distribution worked out how to use lpr and
printcap, but there is no need for them now. I guess I should stop being
curious why lpr won't work for root.
Now I need to figure out why your email ended up in my spam folder....
> * Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
More information about the TAG