Bugtraq mailing list archives

Re: setuid lp script

From: casper () holland Sun COM (Casper Dik)
Date: Thu, 15 Aug 1996 17:46:45 +0200

What is the purpose of /etc/lp/alters/printers on a solaris machine?
It is a setuid lp script.  I have run Casper's fix-modes script, but
this file's permissions were not changed.



The fix-modes script only fixed about 4000+ group writable files/directories.

It doesn't fix set-uid/set-gid programs that shouldn't be.

(Such as sulogin, login,  /sbin/su)

I have no idea what /etc/lp/alerts/printers does.

However, I never bothered to get it fixed because it's harmless.

A set-uid shell script that doesn't start with "#!/bin/sh -p" will
cause /bin/sh to reset the euid back to the ruid immediately.


As truss shows:

4423:   execve("/etc/lp/alerts/printer", 0xEFFFF7F4, 0xEFFFF7FC)  argc = 2
4423:       *** SUID: ruid/euid/suid = 1001 / 71 / 71  ***
4423:   getuid()                                        = 1001 [71]
4423:   getuid()                                        = 1001 [71]
4423:   setuid(1001)                                   = 0


(note that getuid() and geteuid() are one and the same system call,
it returns both values in different registers)

Casper

Current thread:

Re: mail storm Roy Leonard (Aug 13)
- Re: mail storm zero cool (Aug 13)
- Re: mail storm Pete Ashdown (Aug 13)
- Re: mail storm Sean B. Hamor (Aug 13)
- setuid lp script Francis Liu (Aug 13)
  - Re: setuid lp script Casper Dik (Aug 15)
  - CERT Advisory CA-96.19 - Vulnerability in expreserve CERT Advisory (Aug 15)
    - IRIX 5.3 and CA-96.19 - Vulnerability in expreserve? Mike Kienenberger (Aug 15)
- <Possible follow-ups>
- Re: mail storm Brett L. Hawn (Aug 13)
  - Re: mail storm John Ladwig (Aug 13)
  - Re: mail storm C. Harald Koch (Aug 13)
  - Re: mail storm Joe Rhett (Aug 13)
  - Re: mail storm Valdis.Kletnieks () vt edu (Aug 13)
  - HP elm exploit Clay Shields (Aug 13)
- Re: mail storm der Mouse (Aug 13)
- Re: mail storm J.R.Valverde (Aug 13)