[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: fax program without security holes?

Have you posted it on the mgetty mailing list (mgetty@muc.de)? That list is 
very cooperative, I believe that mgetty's main developer manage it by himself.
You also want to look at that mailing list archive 
(http://www.elilabs.com/mgarc/index.html). There might be a discussion about 
the problem.

> Hello,
> Is there any fax program available for Debian without security
> holes?
> By this, I mean I only want trusted users to be able to send faxes
> (they cost money!)
> mgetty-fax doesn't comply, see bug #11478, from 1997 (my proposed
> solution is attached).
> I consider this problem serious, as I don't want untrusted users being
> able to send faxes from my computer at my expense :-(.
> Sure - I can make local changes to my system, but then they get erased
> on each upgrade.
> My solution only gives users in the fax group write access to the fax
> spool directory (instead of everyone). True, it is not perfect (I
> think trusted users might be able to mess up the queue), but a lot
> better (untrusted users get 0 access).
> I am disappointed that so long has passed since my last message and
> nothing has been done about it :-(.
> Perhaps I should upgrade the bug to important? However, I am not the
> original bug submitter, and think it would be against etiquette.
> Also, I have created a perl script that will translate incoming E-Mail
> (including MIME attachments) into a FAX (after checking for the given
> password). I have done most of the work, a few minor details are still
> left. Anyone interested, please contact me. Also, the MIME stuff might
> be usable by other projects (not sure how well it would cope with large
> files though...).
> -- 
> Brian May <bam@debian.org>
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Shaul Karl		 		   shaulk@israsrv.net.il
	An elephant is a mouse with an operating system.

Reply to: