From owner-freebsd-security Sun Apr 19 20:33:56 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA28680 for freebsd-security-outgoing; Sun, 19 Apr 1998 20:33:56 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from nyef.res.cmu.edu (qmailr@NYEF.RES.CMU.EDU [128.2.88.90]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id DAA28598 for ; Mon, 20 Apr 1998 03:33:46 GMT (envelope-from inf@nyef.res.cmu.edu) Received: (qmail 12197 invoked by uid 1000); 20 Apr 1998 03:33:39 -0000 Message-ID: <19980419233339.41046@nyef.res.cmu.edu> Date: Sun, 19 Apr 1998 23:33:39 -0400 From: Marca Registrada To: freebsd-security@FreeBSD.ORG Subject: Re: suid/sgid programs Mail-Followup-To: freebsd-security@FreeBSD.ORG References: <199804200000.KAA16875@gsms01.alcatel.com.au> <19980419190946.52003@mcs.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.89i In-Reply-To: <19980419190946.52003@mcs.net>; from Karl Denninger on Sun, Apr 19, 1998 at 07:09:46PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk Quoting Karl Denninger (karl@mcs.net): > Look at how System V "lp" handled this. Either you make the file > world-readable, or lp copied it (you had to tell it to do the second). Couldn't lpr figure this out for you.. or at least ask if you would like to make a (possibly interceptable) copy of the non-world-readable file for the paranoid/ Any comments on LPRng? I don't print much anymore, so I havn't used it in ages, but from wht I remember it passes data through sockets rahter tahn through passing files.. far more secure. -- - All we hear is internet gaagaa, internet googoo, internet gaagaa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message