Re: fax program without security holes?
Have you posted it on the mgetty mailing list (mgetty@muc.de)? That list is
very cooperative, I believe that mgetty's main developer manage it by himself.
You also want to look at that mailing list archive
(http://www.elilabs.com/mgarc/index.html). There might be a discussion about
the problem.
> Hello,
>
> Is there any fax program available for Debian without security
> holes?
>
> By this, I mean I only want trusted users to be able to send faxes
> (they cost money!)
>
> mgetty-fax doesn't comply, see bug #11478, from 1997 (my proposed
> solution is attached).
>
> I consider this problem serious, as I don't want untrusted users being
> able to send faxes from my computer at my expense :-(.
>
> Sure - I can make local changes to my system, but then they get erased
> on each upgrade.
>
> My solution only gives users in the fax group write access to the fax
> spool directory (instead of everyone). True, it is not perfect (I
> think trusted users might be able to mess up the queue), but a lot
> better (untrusted users get 0 access).
>
> I am disappointed that so long has passed since my last message and
> nothing has been done about it :-(.
>
> Perhaps I should upgrade the bug to important? However, I am not the
> original bug submitter, and think it would be against etiquette.
>
>
> Also, I have created a perl script that will translate incoming E-Mail
> (including MIME attachments) into a FAX (after checking for the given
> password). I have done most of the work, a few minor details are still
> left. Anyone interested, please contact me. Also, the MIME stuff might
> be usable by other projects (not sure how well it would cope with large
> files though...).
> --
> Brian May <bam@debian.org>
>
>
> --
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
--
Shaul Karl shaulk@israsrv.net.il
An elephant is a mouse with an operating system.
Reply to: