Date: Wed, 19 Aug 1998 21:58:58 -0400
From: erics@now.com (Eric Siegerman)
To: andre.albsmeier@mchp.siemens.de (Andre Albsmeier)
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: Found reason why lpr -r -s doesn't work as expected
Message-ID: <m0z9K0A-00002sC@business.now.com>
In-Reply-To: <199808161345.PAA19691@internal> from "Andre Albsmeier" at Aug 16, 98 09:45:28 am

Andre Albsmeier <andre.albsmeier@mchp.siemens.de> wrote:
> I have now changed printjob.c so that removing
> files containing '/' still is forbidden except when it starts with
> '/var/spool/samba/'. It's ugly but works. But, I think this behaviour
> should be stated in the manual page of lpr. Now it says:
>
>  -r    Remove the file upon completion of spooling or upon completion of
>        printing (with the -s option).
>
>  -s    Use symbolic links.  Usually files are copied to the spool direc-
>        tory.  The -s option will use symlink(2) to link data files
>        rather than trying to copy them so large files can be printed.

Why not instead make "lpr -r" (without -s) act like mv(1): try to
rename the file into /var/spool/output, and only copy-and-unlink
if the rename fails?  If you have /var/spool/samba and
/var/spool/output on the same filesystem, you'd avoid the extra
file copy, without introducing either new security holes or the
ugly special case.

(One could conceivably go a step further by having "lpr" (with
neither -r nor -s) try to hard-link the file into the spool
directory.  Bad idea; it would change the original file's
st_ctime behind the user's back, when they thought they were only
reading the file.)

Rasmus Kaj <kaj@interbizz.se> wrote:
> A 'serious' way to fix this (IMHO) would be to make lpd su to the user
> that requested the printout before removing any file at all. But this
> would probably be very hard to do ... Obvious catch: a remote user
> might print without even having an account on the host where lpd
> runs.

Well, any file that wasn't created by lpr.  Otherwise it'd keep
lpd from removing files from /var/spool/output.

Besides which, as you were probably thinking, this would require
adding -- and security-auditing -- machinery to pass the userid
from lpr to lpd.

--

|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        erics@now.com
|  |  /
The Rock & Roll Baby Theorem:
    Syllables(x+"baby") = Syllables("baby"+x) = Syllables(x) + 2
    SemanticContent(x+"baby") = SemanticContent("baby"+x) = SemanticContent(x)
        - Anonymous

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message