Date: Mon, 20 Apr 1998 10:00:17 +1000 (EST)
From: Peter Jeremy
Subject: Re: suid/sgid programs
To: freebsd-security@FreeBSD.ORG
Message-id: <199804200000.KAA16875@gsms01.alcatel.com.au>

On Mon, 20 Apr 1998 00:09:43 +0000, Niall Smart wrote:
> lpd can be root.wheel 770 and immediately
> setuid to "lp" after opening the socket.

This means that lpd may not be able to read the user's file. Either lpr has to always copy the file to be printed (which is slow and may mean lots of spool space), or you can only print world-readable files.

Peter
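The trade-off in the message above, as an added example that is not part of the original post or of lpd/lpr: a model of the classic Unix read-permission check, used to decide whether a daemon can read a job file in place or lpr must copy it into the spool. The struct and function names and the uid/gid values (71 for "lp", 1001 for the user) are constructed for illustration; directory search permission and ACLs are not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Credentials of the process that will open the file (hypothetical type). */
struct cred {
    uid_t  uid;
    gid_t  gids[4];   /* primary group first, then supplementary groups */
    size_t ngids;
};

/* Only the inode fields the permission check looks at (hypothetical type). */
struct fmeta {
    uid_t  owner;
    gid_t  group;
    mode_t mode;
};

enum plan { READ_IN_PLACE, MUST_COPY };

/* Classic Unix read check: the first matching class (owner, group, other)
 * decides, even if a later class would have granted access. */
bool may_read(const struct cred *c, const struct fmeta *f)
{
    if (c->uid == 0)
        return true;                      /* root bypasses the mode bits */
    if (c->uid == f->owner)
        return (f->mode & S_IRUSR) != 0;
    for (size_t i = 0; i < c->ngids; i++)
        if (c->gids[i] == f->group)
            return (f->mode & S_IRGRP) != 0;
    return (f->mode & S_IROTH) != 0;
}

/* What lpr has to do for a job, given the identity lpd holds when it reads. */
enum plan spool_plan(const struct cred *daemon, const struct fmeta *f)
{
    return may_read(daemon, f) ? READ_IN_PLACE : MUST_COPY;
}

/* Constructed sample identities and files. */
const struct cred  LPD_AS_ROOT  = { 0,  { 0 },  1 };
const struct cred  LPD_AS_LP    = { 71, { 71 }, 1 };
const struct fmeta PRIVATE_FILE = { 1001, 1001, 0600 };
const struct fmeta PUBLIC_FILE  = { 1001, 1001, 0644 };
```

With lpd running as root, the user's 0600 file can be read in place; once lpd has switched to "lp", the same file has to be copied by lpr, and only the 0644 file can still be read in place.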