Date: Mon, 20 Apr 1998 10:00:17 +1000 (EST) From: Peter Jeremy <Peter.Jeremy@alcatel.com.au> To: freebsd-security@FreeBSD.ORG Subject: Re: suid/sgid programs Message-ID: <199804200000.KAA16875@gsms01.alcatel.com.au>
next in thread | raw e-mail | index | archive | help
On Mon, 20 Apr 1998 00:09:43 +0000, Niall Smart <rotel@indigo.ie> wrote: > lpd can be root.wheel 770 and immediately >setuid to "lp" after opening the socket. This means that lpd may not be able to read the user's file. Either lpr has to always copy the file to be printed (which is slow and may mean lots of spool space), or you can only print world-readable files. Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804200000.KAA16875>