From owner-freebsd-current Fri Dec 10 2: 3:55 1999
Delivered-To: freebsd-current@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP id 2012E15154
	for ; Fri, 10 Dec 1999 02:03:48 -0800 (PST)
	(envelope-from bright@wintelcom.net)
Received: from localhost (bright@localhost)
	by fw.wintelcom.net (8.9.3/8.9.3) with ESMTP id CAA14691;
	Fri, 10 Dec 1999 02:33:29 -0800 (PST)
Date: Fri, 10 Dec 1999 02:33:29 -0800 (PST)
From: Alfred Perlstein
To: Andre Albsmeier
Cc: Warner Losh, Garance A Drosihn, current@FreeBSD.ORG
Subject: Re: NO! Re: [PATCHES] Two fixes for lpd/lpc for review and test
In-Reply-To: <19991210074205.B12325@internal>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 10 Dec 1999, Andre Albsmeier wrote:

> On Thu, 09-Dec-1999 at 15:02:41 -0800, Alfred Perlstein wrote:
> > On Thu, 9 Dec 1999, Andre Albsmeier wrote:
> >
> > ...
> >
> > > For better reference, here is the current patch:
> > >
> >
> > I don't have too much time to think about this, argue me this:
>
> Sure, please tell me if you don't want to get CC'ed on this anymore.

I'm sorry if I sounded like that, I didn't mean to. :)

> > why should I allow a user to print any file on the system?
> >
> > the race condition is still there.
>
> Right :-(. The file won't be given to the user anymore but he can
> print everything. However, there must be a solution for this...

Can someone take a look at this?

Basically, it makes the link to the file. If it can unlink the original,
it will then chown the spool file. If it can't delete or read the original,
then the user didn't have permission and it backs out.

Index: lpr.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/lpr/lpr/lpr.c,v retrieving revision 1.31 diff -u -r1.31 lpr.c --- lpr.c 1999/11/30 16:15:22 1.31 +++ lpr.c 1999/12/10 14:09:08 
@@ -384,6 +384,46 @@ } if (sflag) printf("%s: %s: not linked, copying instead\n", name, arg); + if (f) { + seteuid(euid); + if (link(arg, dfname) == 0) { + int ret; + + seteuid(uid); + /* + * if we can access and remove the file without + * special setuid-ness then allow it. + */ + ret = access(dfname, R_OK); + if (ret == 0) + ret = unlink(arg); + seteuid(euid); + if (ret == 0) { + /* unlink was successful fixup perms */ + chown(dfname, userid, getegid()); + chmod(dfname, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + } else { + /* + * the user handed me a file the don't have access to, + * remove it from the spooldir and try other methods + */ + unlink(dfname); + seteuid(uid); + goto nohardlink; + } + seteuid(uid); + if (format == 'p') + card('T', title ? title : arg); + for (i = 0; i < ncopies; i++) + card(format, &dfname[inchar-2]); + card('U', &dfname[inchar-2]); + card('N', arg); + nact++; + continue; + } + seteuid(uid); /* restore old uid */ + } +nohardlink: if ((i = open(arg, O_RDONLY)) < 0) { printf("%s: cannot open %s\n", name, arg); } else { To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
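
Review bot: In the `link(arg, dfname)` success branch, `access(dfname, R_OK)` and `unlink(arg)` test two different things: the first checks the inode that was just linked into the spool, while the second re-resolves the path `arg`, which may name a different file by then. A successful `unlink(arg)` therefore does not establish that the user owned or could remove the file now at `dfname`, yet the following `chown(dfname, userid, getegid())` and `chmod(dfname, ...)` run after `seteuid(euid)` and change the owner and mode of that inode, which also affects any other hard links to it. Suggest calling `stat()` on `dfname` after the link and requiring that its `st_uid` matches the invoking user before the chown, with `unlink(dfname)` and the `nohardlink` fallback otherwise. The return values of `chown()`, `chmod()` and the `seteuid()` calls are also ignored; a failed `chown()` leaves the spool entry with its original owner and mode, so these should be checked and treated as a reason to back out.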