Re: lpr/lpd problems

Nathan Lawson (nlawson@statler.csc.calpoly.edu)
Tue, 28 Feb 1995 10:48:16 -0800 (PST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: AJ Bate: "Vulnerabilities in the Web"
Previous message: AJ Bate: "Vulnerabilities in the Web"
In reply to: irj@btc.uwe.ac.uk: "Re: lpr/lpd problems"

>> I have heard rumors of security problems associated with the BSD-style
>> lpr/lpd printing system.  Does anyone know anything about this?
> 
> Sun systems (4.1.3_U1) patch # 101434-03 lpr Jumbo patch fixes:
>   lpr checks real rather than effective user
>   lpr -s -t can be used to remove any file in /

And of course, there's the famous old one that used creat() instead of 
open(..,O_EXCL|O_CREAT).  The exploit can be found in the 8lgm advisory for
lpr.

-- 
Nathan Lawson   | "One of the advantages of using UNIX to teach an operating
CSL 490 Admin   |  systems course is the sources and documentation will easily
756-7180 @Work  |  fit into a students briefcase."  -- John Lions (1976)

Next message: AJ Bate: "Vulnerabilities in the Web"
Previous message: AJ Bate: "Vulnerabilities in the Web"
In reply to: irj@btc.uwe.ac.uk: "Re: lpr/lpd problems"