From owner-freebsd-hackers  Wed Aug 18 15:14:41 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from mail1.its.rpi.edu (mail1.its.rpi.edu [128.113.100.7])
	by hub.freebsd.org (Postfix) with ESMTP id 465E214EAC
	for <hackers@FreeBSD.ORG>; Wed, 18 Aug 1999 15:14:38 -0700 (PDT)
	(envelope-from drosih@rpi.edu)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47])
	by mail1.its.rpi.edu (8.9.3/8.9.3) with ESMTP id SAA25820;
	Wed, 18 Aug 1999 18:14:48 -0400
Mime-Version: 1.0
X-Sender: drosih@mail.rpi.edu
Message-Id: <v0421010fb3e0de64f102@[128.113.24.47]>
In-Reply-To: 
 <Pine.NEB.3.96.990818084611.33224A-100000@shell-2.enteract.com>
References: <Pine.NEB.3.96.990818084611.33224A-100000@shell-2.enteract.com>
Date: Wed, 18 Aug 1999 18:15:05 -0400
To: David Scheidt <dscheidt@enteract.com>
From: Garance A Drosihn <drosih@rpi.edu>
Subject: Re: lpd security check for changed-file vs NFS
Cc: Matthew Dillon <dillon@apollo.backplane.com>, hackers@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 8:48 AM -0500 8/18/99, David Scheidt wrote:
>On Tue, 17 Aug 1999, Garance A Drosihn wrote:
>
> > At 6:37 PM -0700 8/17/99, Matthew Dillon wrote:
> > >    If you removed the stat test, I would simply get rid of the -s
> > >    option entirely - require that all files be queued to the print
> > >    spool.
> >
> > The administration would kill me.  I would prefer to avoid that.
> >
> > (note that the check isn't completely removed, it's "only" nullified
> > for NFS-mounted files.  We use AFS for most things here, so the vast
>
>Couldn't you turn it off only for NFS mounted files?

I first took this to mean "turn off the security check", but now I see
it means "turn off the -s option".  In thinking about this suggestion,
I think that as long as I allow-but-ignore the option for nfs files, it
might work out better than I initially thought it would.   I don't want
to completely reject '-s' because they have that embedded in a lot of
scripts and canned procedures that I doubt they want to search for right
now.  But just ignoring the option for NFS files might not be too bad.

I do keep thinking that they would have a fit if some 'lpr -s' didn't
work because it ran out of space to copy the file into the spool
directory.  Still, I'll have to think about this some more.  Thanks.


> > Any advice on how to kick AIX so the st_dev+st_ino check will work
> > right is also welcome.  It baffles me why AIX does things the way it
> > does.  It kinda looks like the values it uses are pointers to some
>
>The joke about AIX is that it was created by aliens who were given the
>UNIX documentation, but no example system.  I have seen very little
>that suggests this to be untrue.

Everytime I start thinking "well AIX isn't TOO bad", something like
this comes along to remind me...


---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer          or  drosih@rpi.edu
Rensselaer Polytechnic Institute


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message