A wrapper for /usr/ucb/lpr compiled for NeXT, Intel, HP, and Sparc to protect against an attack whereby a user could run commands as root or possibly gain root access.
This is an old bug fixed in OpenStep 4.2 and later, described in a recent advisor by CERT (http://www.cert.org). NOTE: there have been recent episodes of this bug being exploited... it seems to have been "rediscovered".
The contents of this .tar.gz file:
README This file
README-2.rtf More information (including how compiled, etc).
CERT-CA-97.19 The CERT advisory
lpr-wrapper.pkg Installer.app package to install secure wrapper
and close security hole.
src/lpr.c The source code used to compile this wrapper
src/overflow_wrapper.c The source code lpr.c is based on.
Special thanks to Rex Dieter <rdieter@math.unl.edu> who helped me make my first Installer package. He also helped me test and debug it.
