Bugtraq mailing list archives
Re: LPRng lpd should not be SETUID root
From: Cy.Schubert () UUMAIL GOV BC CA (Cy Schubert - ITSD Open Systems Group)
Date: Mon, 10 Jul 2000 09:17:09 -0700
In message <200007092318.QAA21788@h4.private>, Patrick Powell writes:
Well, even in spite of all of my efforts, care, and paranoia, I finally dropped the hammer on my foot. Luckily it appears that I spotted this loophole before somebody on the LPRng mailing list did.
Of course anyone who wishes to use LPRng in a mode where it is 100% compatible with lpr/lpd, would need to give up this feature in order to plug this hole. I would think that the bug itself needs to be fixed too.
COMMENTARY: I would really like to see capability based permissions in UNIX and other systems. All that 'lpd' needs is the ability to open and bind to a 'reserved' port, i.e. 515 for listening, and open and bind to a port in the 'reserved' range for outgoing connections.
If print services would actually listen to port 1515 (example) then the following IP Filter NAT rule could be used to redirect packets to that port thereby allowing print services to not run as root. Sort of a poor man's approach to capabilities until they're implemented on all operating systems. rdr xl0 0/0 port 515 -> 127.0.0.1 port 1515 tcp Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert () osg gov bc ca Open Systems Group, ITSD, ISTA Province of BC
Current thread:
- Microsoft Security Bulletin (MS00-048) Microsoft Product Security (Jul 07)
- Re: Microsoft Security Bulletin (MS00-048) Jenik (Jul 08)
- LPRng lpd should not be SETUID root Patrick Powell (Jul 09)
- NetBSD Security Advisory 2000-009 security-officer () NETBSD ORG (Jul 10)
- Re: LPRng lpd should not be SETUID root Cy Schubert - ITSD Open Systems Group (Jul 10)
- NetBSD Security Advisory 2000-010 security-officer () NETBSD ORG (Jul 10)
- <Possible follow-ups>
- Re: Microsoft Security Bulletin (MS00-048) Richard Waymire (Jul 10)
- Re: Microsoft Security Bulletin (MS00-048) Mikael Olsson (Jul 11)
- FreeBSD Ports Security Advisory: FreeBSD-SA-00:29.wu-ftpd [REVISED] FreeBSD Security Advisories (Jul 11)
- Re: Microsoft Security Bulletin (MS00-048) Richard Waymire (Jul 11)
- Remote Denial Of Service -- NetWare 5.0 with SP 5 Dimuthu Parussalla (Jul 10)
- Re: Remote Denial Of Service -- NetWare 5.0 with SP 5 Conrad Wood (Jul 13)
- Re: Microsoft Security Bulletin (MS00-048) Mikael Olsson (Jul 11)
- Remote Denial Of Service -- NetWare 5.0 with SP 5 Dimuthu Parussalla (Jul 10)