Date: Sat, 15 Apr 1995 07:48:32 +0200 (MET DST) From: J Wunsch <j@uriah.heep.sax.de> To: pritc003@maroon.tc.umn.edu Cc: freebsd-bugs@freefall.cdrom.com Subject: Re: bin/342: lpd can allow users access to all of root's groups Message-ID: <199504150548.HAA01352@uriah.heep.sax.de> In-Reply-To: <199504141530.IAA20683@freefall.cdrom.com> from "pritc003@maroon.tc.umn.edu" at Apr 14, 95 08:30:01 am
next in thread | previous in thread | raw e-mail | index | archive | help
As pritc003@maroon.tc.umn.edu wrote: > > If a /etc/printcap entry is setup to use a filtering program that > allows the user some control over it (e.g. apsfilter), then the user > can run commands as user daemon with all of root's groups. It's arguable that this is a bug in apsfilter as well. (And actually, just *this* is the reason why Andreas Klemm didn't yet offer a port of apsfilter to FreeBSD - he knows about this bug/problem.) OTOH, it seems to be a good idea to switch UIDs regardless of this problem, since lpr filters tend to be shell scripts in some cases. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199504150548.HAA01352>