From owner-freebsd-bugs Fri Sep 18 11:21:00 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA03178 for freebsd-bugs-outgoing; Fri, 18 Sep 1998 11:21:00 -0700 (PDT) (envelope-from owner-freebsd-bugs@FreeBSD.ORG) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA03037 for ; Fri, 18 Sep 1998 11:20:27 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id LAA00399; Fri, 18 Sep 1998 11:20:02 -0700 (PDT) Received: from boco.fee.vutbr.cz (boco.fee.vutbr.cz [147.229.9.11]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA25508 for ; Fri, 18 Sep 1998 06:33:53 -0700 (PDT) (envelope-from cejkar@dcse.fee.vutbr.cz) Received: from kazi.dcse.fee.vutbr.cz (kazi.dcse.fee.vutbr.cz [147.229.8.12]) by boco.fee.vutbr.cz (8.9.1/8.9.1) with ESMTP id PAA07414 for ; Fri, 18 Sep 1998 15:33:19 +0200 (MET DST) Received: (from cejkar@localhost) by kazi.dcse.fee.vutbr.cz (8.8.8/8.8.8) id PAA04924; Fri, 18 Sep 1998 15:33:18 +0200 (CEST) Message-Id: <199809181333.PAA04924@kazi.dcse.fee.vutbr.cz> Date: Fri, 18 Sep 1998 15:33:18 +0200 (CEST) From: cejkar@dcse.fee.vutbr.cz Reply-To: cejkar@dcse.fee.vutbr.cz To: FreeBSD-gnats-submit@FreeBSD.ORG X-Send-Pr-Version: 3.2 Subject: bin/7973: lpd: Bad control file owner in case of remote printing Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 7973 >Category: bin >Synopsis: lpd: Bad control file owner in case of remote printing >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Sep 18 11:20:02 PDT 1998 >Last-Modified: >Originator: Rudolf Cejka >Organization: FEE TU Brno, Czech Republic >Release: FreeBSD 2.2.7-STABLE, FreeBSD 3.0-CURRENT i386 >Environment: Originally found in FreeBSD 2.2.7-STABLE, but FreeBSD 3.0-CURRENT has the same problem. >Description: Hard for me to explain this but... Problem is with /var/spool/lpd/*/cf* control files. If file is printed locally (via lpr), cf* file is created with right permissions: ls -l => -rw-rw---- 1 daemon daemon ... cf*. But if file is printed remotely and cf* are creates by lpd, cf* files have bad permissions: ls -l => -rw-rw---- 1 root daemon ... cf*. It has bad impact on print filters ("if" in printcap) which extract some information from cf* control files. Filters are executed with these ids: uid=1 (daemon) gid=0 (wheel). They do not belong to wheel group. (Line "daemon:*:1:daemon" in /etc/group doesn't help!) So if file is received via network, print filter hasn't permissions for reading control files. (Patch changes root => daemon.) >How-To-Repeat: >Fix: Here is my simple patch for FreeBSD 2.2.7-STABLE: ("$Id: recvjob.c,v 1.5.2.3 1997/10/06 04:21:33 imp Exp $";) (In FreeBSD 3.0-CURRENT it is very similar - only lines 106-107 are unnecessary.) *** recvjob.c.bad Fri Sep 18 13:33:13 1998 --- recvjob.c Fri Sep 18 14:41:14 1998 *************** *** 79,85 **** static int noresponse __P((void)); static void rcleanup __P((int)); static int read_number __P((char *)); ! static int readfile __P((char *, int)); static int readjob __P((void)); --- 79,85 ---- static int noresponse __P((void)); static void rcleanup __P((int)); static int read_number __P((char *)); ! static int readfile __P((char *, int, int)); static int readjob __P((void)); *************** *** 103,108 **** --- 103,110 ---- LF = _PATH_CONSOLE; if (cgetstr(bp, "sd", &SD) == -1) SD = _PATH_DEFSPOOL; + if (cgetnum(bp, "du", &DU) < 0) + DU = DEFUID; if (cgetstr(bp, "lo", &LO) == -1) LO = DEFLOCK; *************** *** 188,194 **** (void) write(1, "\2", 1); continue; } ! if (!readfile(tfname, size)) { rcleanup(0); continue; } --- 190,196 ---- (void) write(1, "\2", 1); continue; } ! if (!readfile(tfname, size, 1)) { rcleanup(0); continue; } *************** *** 214,220 **** if (strchr(dfname, '/')) frecverr("readjob: %s: illegal path name", dfname); ! (void) readfile(dfname, size); continue; } frecverr("protocol screwup: %s", line); --- 216,222 ---- if (strchr(dfname, '/')) frecverr("readjob: %s: illegal path name", dfname); ! (void) readfile(dfname, size, 0); continue; } frecverr("protocol screwup: %s", line); *************** *** 225,233 **** * Read files send by lpd and copy them to the spooling directory. */ static int ! readfile(file, size) char *file; int size; { register char *cp; char buf[BUFSIZ]; --- 227,236 ---- * Read files send by lpd and copy them to the spooling directory. */ static int ! readfile(file, size, grant) char *file; int size; + int grant; { register char *cp; char buf[BUFSIZ]; *************** *** 237,242 **** --- 240,247 ---- fd = open(file, O_CREAT|O_EXCL|O_WRONLY, FILMOD); if (fd < 0) frecverr("readfile: %s: illegal path name: %m", file); + if (grant) + (void) fchown(fd, DU, -1); /* owned by daemon for protection */ ack(); err = 0; for (i = 0; i < size; i += BUFSIZ) { >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message