Bugtraq mailing list archives
Re: Possible Bug in CDE on HP-UX
From: jeremy () WISHBONE STANFORD EDU (Jeremy Brinkley)
Date: Tue, 10 Mar 1998 16:25:01 -0800
On Mon, 9 Mar 1998, gareth greenaway wrote:
While playing around with CDE on the HP-UX workstations at my university i recently discovered a oddity. In the CDE printer mangager I discovered that I, using my normal student login, could delete print jobs from the print que. Including those that weren't mine. Although this doesnt seem like a severe security risk, im sure other users wouldnt be too happy to know that someone could easily delete their print jobs.
I'm not sure this is a CDE issue; any user can cancel another user's print jobs by default on HP-UX. It's on purpose, since the user sitting next to the garbage-spewing printer may not be the user who submitted the job. The administrator can override this on a per-printer basis using the -orc option to lpadmin(1m). Jeremy Brinkley jeremy () wishbone stanford edu System Administrator finger for PGP key (2.6.2) or Stanford Blood Center http://wishbone.stanford.edu/~jeremy
Current thread:
- the purpose of dynamic memory allocation D. J. Bernstein (Mar 04)
- Re: the purpose of dynamic memory allocation sinster () DARKWATER COM (Mar 05)
- New OpenBSD security web page Theo de Raadt (Mar 06)
- <Possible follow-ups>
- Re: the purpose of dynamic memory allocation tqbf () secnet com (Mar 06)
- Possible Bug in CDE on HP-UX gareth greenaway (Mar 09)
- Re: Possible Bug in CDE on HP-UX Jeremy Brinkley (Mar 10)
- Re: the purpose of dynamic memory allocation David LeBlanc (Mar 10)
- Re: the purpose of dynamic memory allocation Jeffrey Hutzelman (Mar 10)
- Re: the purpose of dynamic memory allocation Alan Cox (Mar 11)
- DoS (and possibly more) on MDaemon for NT/95 Alvaro Martinez Echevarria (Mar 10)
- MDaemon SMTP Server Buffer Overflow's Aleph One (Mar 10)
- Security problem in Slackware. Suman_Saraf (Mar 11)
- Re: Security problem in Slackware. Peter van Dijk (Mar 13)
- /tmp event logger Michal Zalewski (Mar 14)
- Re: /tmp event logger Theo de Raadt (Mar 15)
- Possible Bug in CDE on HP-UX gareth greenaway (Mar 09)
- Vunerable shell scripts Michal Zalewski (Mar 14)