fax program without security holes?

To: debian-devel@lists.debian.org
Subject: fax program without security holes?
From: Brian May <bam@debian.org>
Date: 19 Feb 2000 20:20:30 +1100
Message-id: <84ln4h1rc1.fsf@snoopy.apana.org.au>

Hello,

Is there any fax program available for Debian without security
holes?

By this, I mean I only want trusted users to be able to send faxes
(they cost money!)

mgetty-fax doesn't comply, see bug #11478, from 1997 (my proposed
solution is attached).

I consider this problem serious, as I don't want untrusted users being
able to send faxes from my computer at my expense :-(.

Sure - I can make local changes to my system, but then they get erased
on each upgrade.

My solution only gives users in the fax group write access to the fax
spool directory (instead of everyone). True, it is not perfect (I
think trusted users might be able to mess up the queue), but a lot
better (untrusted users get 0 access).

I am disappointed that so long has passed since my last message and
nothing has been done about it :-(.

Perhaps I should upgrade the bug to important? However, I am not the
original bug submitter, and think it would be against etiquette.


Also, I have created a perl script that will translate incoming E-Mail
(including MIME attachments) into a FAX (after checking for the given
password). I have done most of the work, a few minor details are still
left. Anyone interested, please contact me. Also, the MIME stuff might
be usable by other projects (not sure how well it would cope with large
files though...).
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: fax program without security holes?
  - From: Shaul Karl <shaulk@israsrv.net.il>

Prev by Date: Re: wterm in potato
Next by Date: Re: ITP: OpenH323
Previous by thread: Re: wterm in potato
Next by thread: Re: fax program without security holes?
Index(es):
- Date
- Thread