Date: Thu, 9 Mar 2000 14:46:39 -0500 (EST)
From: stanislav shalunov <shalunov@att.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/17289: [PATCH] wrong permissions on /var/run/printer
Message-ID: <200003091946.OAA95145@tuzik.lz.att.com>
>Number: 17289
>Category: bin
>Synopsis: [PATCH] wrong permissions on /var/run/printer
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 9 11:50:00 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: stanislav shalunov
>Release: FreeBSD 3.1-RELEASE i386
>Organization:
>Environment:
>Description:
On startup, lpd(8) creates an AF_UNIX socket /var/run/printer.
Before creating it, umask is set to 007. This allows members
of the wheel group to submit data to lpd bypassing normal
accounting, etc.
>How-To-Repeat:
shalunov@tuzik$ id
uid=1000(shalunov) gid=1000(shalunov) groups=1000(shalunov), 0(wheel)
shalunov@tuzik$ cd /var/run
shalunov@tuzik$ ls -l printer
srwxrwx--- 1 root wheel 0 Oct 25 10:53 printer
shalunov@tuzik$ perl -MSocket -e 'socket(SOCK, PF_UNIX, SOCK_STREAM, 0); connect(SOCK, sockaddr_un("printer")); print SOCK "foo\n"'
shalunov@tuzik$ tail -1 /var/log/messages
Mar 9 14:44:15 tuzik lpd[95097]: bad request (102) from tuzik.lz.att.com
>Fix:
In /usr/src/usr.sbin/lpr/lpd/
--- lpd.c.orig Thu Mar 9 14:34:20 2000
+++ lpd.c Thu Mar 9 14:34:34 2000
@@ -258,7 +258,7 @@
sigaddset(&nmask, SIGTERM);
sigprocmask(SIG_BLOCK, &nmask, &omask);
- (void) umask(07);
+ (void) umask(077);
signal(SIGHUP, mcleanup);
signal(SIGINT, mcleanup);
signal(SIGQUIT, mcleanup);
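Review bot: the new umask(077) is process-wide and sits next to the signal setup rather than next to the socket creation (which this hunk does not show), so it will also tighten the mode of every other file lpd creates after this point, not only /var/run/printer. Confirm nothing created later depends on group access, or narrow the change by setting the mask immediately around the bind() call and restoring the previous value. With 077 the socket goes from the srwxrwx--- shown in the report to owner-only, so also verify that every legitimate local client connects as the socket owner. A one-line comment on the changed line stating why the mask is 077 would keep it from being loosened again.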
>Release-Note:
>Audit-Trail:
>Unformatted:
