hfaxd security considerations
Does anyone consider the default init script in the HylaFAX source
distribution to be a wee bit dangerous? I mean, hfaxd(8c) states:
    OLD CLIENT-SERVER PROTOCOL SUPPORT
    If hfaxd is started with the -o option it will service
    clients using the old HylaFAX client-server protocol that
    was used in distributions prior to the 4.0 release. Note
    however that this support is only available if hfaxd is
    compiled with the support enabled.
    Emulation of the old protocol is important for supporting
    non-UNIX clients such as the WinFlex client for Windows
    systems and the MacFlex client for Macintosh systems. It
    is strongly recommended however that unless you need to
    support these old-style clients that you not enable
    support for the old protocol because of the inherent
    misdesign of this protocol.
and yet the init script fires up hfaxd, by default, as:
    $HFAXD -i $FAXPORT -o 4557 -s $SNPPPORT
If you're at all concerned about controlling host access to your server,
running the old (insecure) protocol is 'not a good idea'(tm).
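A check for the start line quoted in the post, as an added example that is not part of the original message or of the HylaFAX distribution: it reports any hfaxd invocation in an init script that passes `-o PORT`, and can print the script with that option removed. The function names `audit_hfaxd` and `sample_init` and the sample script are constructed for illustration, and only the `-o PORT` form shown in the post is recognised.

```shell
#!/bin/sh
# Added example: audit an init script (read from stdin) for hfaxd start
# lines that enable the old client-server protocol with "-o PORT".
#   audit_hfaxd report   -> prints "LINE: old protocol on port PORT"
#   audit_hfaxd fix      -> prints the script with "-o PORT" removed
audit_hfaxd() {
    awk -v mode="$1" '
        # A token starts hfaxd if it is the $HFAXD variable or a path to hfaxd.
        function starts_hfaxd(tok) {
            return tok == "$HFAXD" || tok == "${HFAXD}" || tok ~ /(^|\/)hfaxd$/
        }
        {
            port = ""; seen = 0
            if ($0 !~ /^[ \t]*#/)               # ignore commented-out lines
                for (i = 1; i <= NF; i++) {
                    if (starts_hfaxd($i)) seen = 1
                    else if (seen && $i == "-o" && i < NF) port = $(i + 1)
                }
            if (port != "" && mode == "report")
                print NR ": old protocol on port " port
            if (port != "" && mode == "fix")
                sub(/[ \t]+-o[ \t]+[^ \t]+/, "")  # drop the option and its port
            if (mode == "fix") print
        }
    '
}

# Constructed sample modelled on the start line quoted in the post.
sample_init() {
    cat <<'EOF'
#!/bin/sh
HFAXD=/usr/local/sbin/hfaxd
# $HFAXD -i 4559 -o 4557
    $HFAXD -i $FAXPORT -o 4557 -s $SNPPPORT
EOF
}

sample_init | audit_hfaxd report
sample_init | audit_hfaxd fix
```

Against a real script the call would be `audit_hfaxd report < path/to/init-script`, where the path is whatever your distribution installs.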