|
Hylafax Mailing List Archives
|
[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
hfaxd security considerations
Folks,
Does anyone consider the default init script in the HylaFAX source
distribution to be a wee bit dangerous? I mean, hfaxd(8c) states:
OLD CLIENT-SERVER PROTOCOL SUPPORT
If hfaxd is started with the -o option it will service
clients using the old HylaFAX client-server protocol that
was used in distributions prior to the 4.0 release. Note
however that this support is only available if hfaxd is
compiled with the support enabled.
Emulation of the old protocol is important for supporting
non-UNIX clients such as the WinFlex client for Windows
systems and the MacFlex client for Macintosh systems. It
is strongly recommended however that unless you need to
support these old-style clients that you not enable sup-
port for the old protocol because of the inherent misde-
sign of this protocol.
and yet the init script fires up hfaxd, by default, as:
$HFAXD -i $FAXPORT -o 4557 -s $SNPPPORT
YIKES!!!
If you're at all concerned about controlling host access to your server,
running the old (insecure) protocol is 'not a good idea'(tm).
-Darren
-----BEGIN PGP MESSAGE-----
Version: 2.6.3i
iQB1AwUBM7mYJ+q6rnjZTXDRAQH2pQMAsDKbqZbBkJucPvuBP7JeiRyAVdfnxNDG
vX/KhkKTAukP10dhJng0cwnmSYIQ9r0X0g5UVGmZfdeFBLn2QRXLK1Q1FuhpYQ29
05TO960Wx1sLRC8MdqWVm2zlbg1nKQxo
=NFTX
-----END PGP MESSAGE-----
