Date:      Wed, 19 Aug 1998 21:58:58 -0400
From:      erics@now.com (Eric Siegerman)
To:        andre.albsmeier@mchp.siemens.de (Andre Albsmeier)
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: Found reason why lpr -r -s doesn't work as expected
Message-ID:  <m0z9K0A-00002sC@business.now.com>
In-Reply-To: <199808161345.PAA19691@internal> from "Andre Albsmeier" at Aug 16, 98 09:45:28 am

Andre Albsmeier <andre.albsmeier@mchp.siemens.de> wrote:
> I have now changed printjob.c so that removing
> files containing '/' still is forbidden except when it starts with
> '/var/spool/samba/'. It's ugly but works. But, I think this behaviour
> should be stated in the manual page of lpr. Now it says:
> 
>      -r      Remove the file upon completion of spooling or upon completion of
>              printing (with the -s option).
> 
>      -s      Use symbolic links.  Usually files are copied to the spool direc-
>              tory.  The -s option will use symlink(2) to link data files
>              rather than trying to copy them so large files can be printed.

Why not instead make "lpr -r" (without -s) act like mv(1):  try
to rename the file into /var/spool/output, and only
copy-and-unlink if the rename fails?  If you have
/var/spool/samba and /var/spool/output on the same filesystem,
you'd avoid the extra file copy, without introducing either new
security holes or the ugly special case.

(One could conceivably go a step further by having "lpr" (with
neither -r nor -s) try to hard-link the file into the spool
directory.  Bad idea; it would change the original file's
st_ctime behind the user's back, when they thought they were only
reading the file.)

Rasmus Kaj <kaj@interbizz.se> wrote:
> A 'serious' way to fix this (IMHO) would be to make lpd su to the user 
> that requested the printout before removing any file at all. But this
> would probably be very hard to do ... Obvious catch: a remote user
> might print without even having an account on the host where lpd
> runs.

Well, any file that wasn't created by lpr.  Otherwise it'd keep
lpd from removing files from /var/spool/output.  Besides which,
as you were probably thinking, this would require adding -- and
security-auditing -- machinery to pass the userid from lpr to
lpd.

--

|  | /\
|-_|/  >   Eric Siegerman, Toronto, Ont.        erics@now.com
|  |  /
The Rock & Roll Baby Theorem:
  Syllables(x+"baby") = Syllables("baby"+x) = Syllables(x) + 2
  SemanticContent(x+"baby") = SemanticContent("baby"+x) = SemanticContent(x)
	- Anonymous
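
The rename-first behaviour suggested in the message above, sketched as an added example; it is not part of the original e-mail and not FreeBSD's lpr code. The function names are hypothetical, and it assumes the caller already runs with the requesting user's credentials and has picked a unique spool file name.

```c
/* Added example, not FreeBSD lpr code; function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Fallback path: copy src to dst, then unlink src. Returns 0 or -1. */
int copy_and_unlink(const char *src, const char *dst)
{
    char buf[8192];
    ssize_t n = 0;
    /* O_NOFOLLOW: refuse a symlink as the final component of src. */
    int in = open(src, O_RDONLY | O_NOFOLLOW);
    if (in < 0)
        return -1;
    /* O_EXCL: never overwrite or follow anything already in the spool. */
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0660);
    if (out < 0) {
        close(in);
        return -1;
    }
    while (n >= 0 && (n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n)
            n = -1;
    close(in);
    if (close(out) < 0 || n < 0) {
        unlink(dst);            /* leave no partial spool file behind */
        return -1;
    }
    return unlink(src);         /* source is removed only after a full copy */
}

/* mv(1)-style move: 1 = renamed, 0 = copied and unlinked, -1 = error. */
int move_into_spool(const char *src, const char *dst)
{
    if (rename(src, dst) == 0)
        return 1;
    if (errno != EXDEV)         /* only a cross-filesystem move falls back */
        return -1;
    return copy_and_unlink(src, dst) == 0 ? 0 : -1;
}

int main(int argc, char **argv)
{
    return argc == 3 ? move_into_spool(argv[1], argv[2]) < 0 : 2;
}
```

Note that rename(2) replaces an existing destination, which is why the unique spool name is assumed; the copy path refuses an existing destination instead.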
