Re: fax program without security holes?
Have you posted it on the mgetty mailing list (firstname.lastname@example.org)? That list is
very cooperative, I believe that mgetty's main developer manage it by himself.
You also want to look at that mailing list archive
(http://www.elilabs.com/mgarc/index.html). There might be a discussion about
> Is there any fax program available for Debian without security
> By this, I mean I only want trusted users to be able to send faxes
> (they cost money!)
> mgetty-fax doesn't comply, see bug #11478, from 1997 (my proposed
> solution is attached).
> I consider this problem serious, as I don't want untrusted users being
> able to send faxes from my computer at my expense :-(.
> Sure - I can make local changes to my system, but then they get erased
> on each upgrade.
> My solution only gives users in the fax group write access to the fax
> spool directory (instead of everyone). True, it is not perfect (I
> think trusted users might be able to mess up the queue), but a lot
> better (untrusted users get 0 access).
> I am disappointed that so long has passed since my last message and
> nothing has been done about it :-(.
> Perhaps I should upgrade the bug to important? However, I am not the
> original bug submitter, and think it would be against etiquette.
> Also, I have created a perl script that will translate incoming E-Mail
> (including MIME attachments) into a FAX (after checking for the given
> password). I have done most of the work, a few minor details are still
> left. Anyone interested, please contact me. Also, the MIME stuff might
> be usable by other projects (not sure how well it would cope with large
> files though...).
> Brian May <email@example.com>
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com
Shaul Karl firstname.lastname@example.org
An elephant is a mouse with an operating system.