Date:      Sun, 19 Apr 1998 19:09:46 -0500
From:      Karl Denninger  <karl@mcs.net>
To:        Peter Jeremy <Peter.Jeremy@alcatel.com.au>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: suid/sgid programs
Message-ID:  <19980419190946.52003@mcs.net>
In-Reply-To: <199804200000.KAA16875@gsms01.alcatel.com.au>; from Peter Jeremy on Mon, Apr 20, 1998 at 10:00:17AM +1000
References:  <199804200000.KAA16875@gsms01.alcatel.com.au>

On Mon, Apr 20, 1998 at 10:00:17AM +1000, Peter Jeremy wrote:
> On Mon, 20 Apr 1998 00:09:43 +0000, Niall Smart <rotel@indigo.ie> wrote:
> >  lpd can be root.wheel 770 and immediately
> >setuid to "lp" after opening the socket.
> This means that lpd may not be able to read the user's file.  Either
> lpr has to always copy the file to be printed (which is slow and may
> mean lots of spool space), or you can only print world-readable files.
> 
> Peter
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message

Ding ding ding ding.

Give that man a cigar.

Look at how System V "lp" handled this.  Either you make the file
world-readable, or lp copied it (you had to tell it to do the second).

You can bitch if the file is NOT world-readable when you attempt to queue
it, of course; test for that at the time you queue the job.

The consequences of not copying the file are non-obvious and burn people all
the time.  If you queue a file and change the contents before or during the 
print operation, you're going to get something other than what you expected.
If you REMOVE the file, nothing gets printed at all (lpd doesn't hold the FD
open, so you get screwed).  I've seen plenty of people get "surprised" by
this behavior.

Finally, lpr is often (perhaps even primarily) used in a pipeline.  
In that context it has to make a copy of the data.

The entire lpd suite needs help anyway.  I keep threatening to write a
replacement (in my own mind) as all of the ones I've seen, including plp
(which is the best of them that I've run into so far) still only get it 
half right.  Part of the problem, though, is that you want to maintain
backward compatibility with the old protocol for obvious reasons.

-- 
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
			     | NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost
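
Added example, not part of the original message or of any lpr/lpd source: a queue-time check in C along the lines discussed above, refusing a file that is not world-readable unless a copy was requested, and copying from the already-open descriptor so later edits or removal of the original do not affect the job. The names `queue_file`, `copy_fd`, the `Q_*` codes and the spool path are hypothetical; `O_NOFOLLOW` and checking with `fstat` on the descriptor are choices of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum { Q_BY_REF = 0, Q_COPIED = 1, Q_REFUSED = -1, Q_ERROR = -2 };

/* Copy everything readable from in_fd into a new file at dst (spool path). */
static int copy_fd(int in_fd, const char *dst)
{
    char buf[8192];
    ssize_t n;
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (out < 0)
        return -1;
    while ((n = read(in_fd, buf, sizeof buf)) > 0) {
        if (write(out, buf, (size_t)n) != n) {  /* short write: fail the job */
            close(out);
            unlink(dst);
            return -1;
        }
    }
    if (close(out) != 0 || n < 0) {             /* n < 0 means read failed */
        unlink(dst);
        return -1;
    }
    return 0;
}

/* Runs as the submitting user; want_copy is the explicit "copy it" request. */
int queue_file(const char *path, const char *spool_dst, int want_copy)
{
    struct stat st;
    int rc, fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return Q_ERROR;
    /* Check the descriptor, not the path, so check and copy see one file. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))
        rc = Q_ERROR;
    else if (want_copy)
        rc = copy_fd(fd, spool_dst) == 0 ? Q_COPIED : Q_ERROR;
    else  /* queue by reference only if a daemon running as "lp" can read it */
        rc = (st.st_mode & S_IROTH) ? Q_BY_REF : Q_REFUSED;
    close(fd);
    return rc;
}
```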
