From owner-freebsd-bugs Thu Mar 9 11:50: 5 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id 5103137B7B3
	for ; Thu, 9 Mar 2000 11:50:02 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id LAA47345;
	Thu, 9 Mar 2000 11:50:02 -0800 (PST)
	(envelope-from gnats@FreeBSD.org)
Received: from kcmso1.proxy.att.com (kcmso1.att.com [192.128.133.69])
	by hub.freebsd.org (Postfix) with ESMTP id B00D637B6F6
	for ; Thu, 9 Mar 2000 11:46:51 -0800 (PST)
	(envelope-from shalunov@tuzik.lz.att.com)
Received: from tuzik.lz.att.com ([135.25.200.84])
	by kcmso1.proxy.att.com (AT&T IPNS/MSO-2.2) with ESMTP id OAA01313
	for ; Thu, 9 Mar 2000 14:46:49 -0500 (EST)
Received: (from shalunov@localhost)
	by tuzik.lz.att.com (8.9.2/8.9.2) id OAA95145;
	Thu, 9 Mar 2000 14:46:39 -0500 (EST)
	(envelope-from shalunov)
Message-Id: <200003091946.OAA95145@tuzik.lz.att.com>
Date: Thu, 9 Mar 2000 14:46:39 -0500 (EST)
From: stanislav shalunov
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/17289: [PATCH] wrong permissions on /var/run/printer
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 17289
>Category: bin
>Synopsis: [PATCH] wrong permissions on /var/run/printer
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 9 11:50:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: stanislav shalunov
>Release: FreeBSD 3.1-RELEASE i386
>Organization:
>Environment:
>Description:

On startup, lpd(8) creates an AF_UNIX socket /var/run/printer. Before
creating it, umask is set to 007. This allows members of the wheel group
to submit data to lpd bypassing normal accounting, etc.

>How-To-Repeat:

shalunov@tuzik$ id
uid=1000(shalunov) gid=1000(shalunov) groups=1000(shalunov), 0(wheel)
shalunov@tuzik$ cd /var/run
shalunov@tuzik$ ls -l printer
srwxrwx--- 1 root wheel 0 Oct 25 10:53 printer
shalunov@tuzik$ perl -MSocket -e 'socket(SOCK, PF_UNIX, SOCK_STREAM, 0); connect(SOCK, sockaddr_un("printer")); print SOCK "foo\n"'
shalunov@tuzik$ tail -1 /var/log/messages
Mar 9 14:44:15 tuzik lpd[95097]: bad request (102) from tuzik.lz.att.com

>Fix:

In /usr/src/usr.sbin/lpr/lpd/

--- lpd.c.orig Thu Mar 9 14:34:20 2000 +++ lpd.c Thu Mar 9 14:34:34 2000 @@ -258,7 +258,7 @@ sigaddset(&nmask, SIGTERM); sigprocmask(SIG_BLOCK, &nmask, &omask); - (void) umask(07); + (void) umask(077); signal(SIGHUP, mcleanup); signal(SIGINT, mcleanup); signal(SIGQUIT, mcleanup);

>Release-Note:
>Audit-Trail:
>Unformatted:
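
Review bot: The umask(077) call at line 258 is made once at startup and nothing in the hunk restores the previous mask, so the tighter mask applies to every file lpd creates from then on, not only the /var/run/printer socket named in the report. Consider confirming that nothing lpd creates later relies on group access, or narrowing the change by saving the value umask() returns just before the socket is bound and restoring it afterwards. A short comment at the call saying the mask is there to keep the socket owner-only would also help the next reader.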