[NTLUG:Discuss] A Vulnerability question
herrold
herrold at owlriver.com
Mon Oct 8 13:09:34 CDT 2001
On Mon, 8 Oct 2001, Jim Wildman wrote:
> Hear, hear!! Paranoia is not only good, it is essential!
> Take printing for instance.
> 1) Why do you need to print from a firewall host? configs?
> 2) Lots of opportunities since most spoolers run as root.
> 3) Scp the file to another box and print it, or start lpd just when you
> need it.
Why 'scp'? From a firewall box -- when I need to print, I pipe the
content toward my throwaway script 'remotelpr', type a password (in
this case, for oldnews.inside.lan), and it prints inside my lan.
This would be safe and one-step across the public internet as well.
[root@pokey bin]# cat remotelpr
#!/bin/sh
#
HOST="oldnews.inside.lan"
cat - | ssh $HOST lpr -
#
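
Added example, not part of the original post: a hardened variant of the same pipe-over-ssh idea, written as shell functions. The names PRINT_HOST, SSH_BIN, valid_host and the function form of remotelpr are assumptions made for this sketch; the host name is the one from the post, and the options are standard OpenSSH client options.

```shell
#!/bin/sh
# Added example: hardened take on the 'remotelpr' idea (not the poster's script).
# PRINT_HOST and SSH_BIN are assumed names; both can be overridden from the
# environment. oldnews.inside.lan is the host used in the post.
PRINT_HOST="${PRINT_HOST:-oldnews.inside.lan}"
SSH_BIN="${SSH_BIN:-ssh}"

# Accept only plain DNS-style host names, so a bad value can never be read
# by ssh as an option (leading '-') or carry shell metacharacters.
valid_host() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Send stdin to lpr on the print host; nothing but the data crosses the link.
#   -T  no pseudo-terminal (pure data pipe)
#   -a  no agent forwarding from the firewall box
#   -x  no X11 forwarding
#   -o ClearAllForwardings=yes  ignore port forwards set in ssh_config
#   --  end of ssh options; the host name follows
# lpr is run without file arguments so that it reads the job from stdin.
remotelpr() {
    valid_host "$PRINT_HOST" || {
        echo "remotelpr: refusing host name: $PRINT_HOST" >&2
        return 2
    }
    "$SSH_BIN" -T -a -x -o ClearAllForwardings=yes -- "$PRINT_HOST" lpr
}
```

Source the file and pipe into the function, for example `some-command | remotelpr`; ssh prompts for the password exactly as in the post.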