Date: Tue, 22 Oct 1996 09:00:02 -0700 (PDT) From: Marc Slemko <marcs@znep.com> To: freebsd-bugs Subject: Re: bin/1863: On systems with setuid 'lpr' and defined printers, lpr breaks root Message-ID: <199610221600.JAA07254@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/1863; it has been noted by GNATS.
From: Marc Slemko <marcs@znep.com>
To: tqbf@enteract.com
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/1863: On systems with setuid 'lpr' and defined printers, lpr breaks root
Date: Tue, 22 Oct 1996 09:49:36 -0600 (MDT)
Below is an excerpt from a diff between the current FreeBSD and the
current OpenBSD lpr.c that shows how this problem is fixed in the OpenBSD
source.
There are also some other attempts at security improvements in the OpenBSD
lpr code; they should be looked at to see if they are valid and, if so,
imported.
***************
*** 471,477 ****
register int len = 2;
*p1++ = c;
! while ((c = *p2++) != '\0') {
*p1++ = (c == '\n') ? ' ' : c;
len++;
}
--- 505,511 ----
register int len = 2;
*p1++ = c;
! while ((c = *p2++) != '\0' && len < sizeof(buf)) {
*p1++ = (c == '\n') ? ' ' : c;
len++;
}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610221600.JAA07254>