[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

fax program without security holes?


Is there any fax program available for Debian without security

By this, I mean I only want trusted users to be able to send faxes
(they cost money!)

mgetty-fax doesn't comply, see bug #11478, from 1997 (my proposed
solution is attached).

I consider this problem serious, as I don't want untrusted users being
able to send faxes from my computer at my expense :-(.

Sure - I can make local changes to my system, but then they get erased
on each upgrade.

My solution only gives users in the fax group write access to the fax
spool directory (instead of everyone). True, it is not perfect (I
think trusted users might be able to mess up the queue), but a lot
better (untrusted users get 0 access).

I am disappointed that so long has passed since my last message and
nothing has been done about it :-(.

Perhaps I should upgrade the bug to important? However, I am not the
original bug submitter, and think it would be against etiquette.

Also, I have created a perl script that will translate incoming E-Mail
(including MIME attachments) into a FAX (after checking for the given
password). I have done most of the work, a few minor details are still
left. Anyone interested, please contact me. Also, the MIME stuff might
be usable by other projects (not sure how well it would cope with large
files though...).
Brian May <bam@debian.org>

Reply to: