>> I have heard rumors of security problems associated with the BSD-style >> lpr/lpd printing system. Does anyone know anything about this? > > Sun systems (4.1.3_U1) patch # 101434-03 lpr Jumbo patch fixes: > lpr checks real rather than effective user > lpr -s -t can be used to remove any file in / And of course, there's the famous old one that used creat() instead of open(..,O_EXCL|O_CREAT). The exploit can be found in the 8lgm advisory for lpr. -- Nathan Lawson | "One of the advantages of using UNIX to teach an operating CSL 490 Admin | systems course is the sources and documentation will easily 756-7180 @Work | fit into a students briefcase." -- John Lions (1976)