Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Possible Bug in CDE on HP-UX

From: jeremy () WISHBONE STANFORD EDU (Jeremy Brinkley)
Date: Tue, 10 Mar 1998 16:25:01 -0800

On Mon, 9 Mar 1998, gareth greenaway wrote:


While playing around with CDE on the HP-UX workstations at my university i
recently discovered a oddity.  In the CDE printer mangager I discovered
that I, using my normal student login, could delete print jobs from the
print que.  Including those that weren't mine.  Although this doesnt seem
like a severe security risk, im sure other users wouldnt be too happy to
know that someone could easily delete their print jobs.


I'm not sure this is a CDE issue; any user can cancel another user's
print jobs by default on HP-UX.  It's on purpose, since the user sitting
next to the garbage-spewing printer may not be the user who submitted the
job.  The administrator can override this on a per-printer basis
using the -orc option to lpadmin(1m).

  Jeremy Brinkley                  jeremy () wishbone stanford edu
  System Administrator             finger for PGP key (2.6.2) or
  Stanford Blood Center            http://wishbone.stanford.edu/~jeremy
Previous By Date Next
Previous By Thread Next

Current thread: