Bugtraq mailing list archives

Re: lpr/lpd problems

From: nlawson () statler csc calpoly edu (Nathan Lawson)
Date: Tue, 28 Feb 1995 10:48:16 -0800 (PST)

I have heard rumors of security problems associated with the BSD-style
lpr/lpd printing system.  Does anyone know anything about this?


Sun systems (4.1.3_U1) patch # 101434-03 lpr Jumbo patch fixes:
  lpr checks real rather than effective user
  lpr -s -t can be used to remove any file in /


And of course, there's the famous old one that used creat() instead of 
open(..,O_EXCL|O_CREAT).  The exploit can be found in the 8lgm advisory for
lpr.

-- 
Nathan Lawson   | "One of the advantages of using UNIX to teach an operating
CSL 490 Admin   |  systems course is the sources and documentation will easily
756-7180 @Work  |  fit into a students briefcase."  -- John Lions (1976)

Current thread:

Re: lpr/lpd problems irj () btc uwe ac uk (Feb 28)
- Vulnerabilities in the Web AJ Bate (Feb 28)
- Re: lpr/lpd problems Nathan Lawson (Feb 28)