Date:      Sat, 15 Aug 1998 14:20:25 +0200 (CEST)
From:      Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To:        imp@village.org (Warner Losh)
Cc:        andre.albsmeier@mchp.siemens.de, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject:   Re: Found reason why lpr -r -s doesn't work as expected
Message-ID:  <199808151220.OAA17442@internal>
In-Reply-To: <199808142026.OAA17025@harmony.village.org> from Warner Losh at "Aug 14, 98 02:26:05 pm"

> In message <199808141807.UAA13224@internal> Andre Albsmeier writes:
> :                         if (strchr(line+1, '/'))
> :                                 continue;
> : This disables the removal of files starting with '/'. This was
> : introduced in version 1.14 according to the CVS log. However, I didn't
> : find an explanation why this change was made. Is it a security hole?
> 
> Without this fix, people could remove any file on your system by
> having remote print access.

OK, and if remote access is disabled would it be safe? Have you got
any references how this exploit exactly works so I can figure out
what to do in order to be able to remove both files and without
making my machine insecure...

Thanks a lot,

	-Andre
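
Added example, not part of the original message or of the lpd source: a stand-alone version of the quoted check, showing which unlink requests in a control file are honored and which are skipped. It assumes the usual lpd control-file layout (first character is the command letter, 'U' names a file to unlink after printing); the function names and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout: line[0] is the command letter, line+1 is the file name.
 * Returns 1 only for a 'U' line naming a plain entry in the spool directory. */
int unlink_allowed(const char *line)
{
    const char *name;

    if (line == NULL || line[0] != 'U')
        return 0;
    name = line + 1;
    if (name[0] == '\0')
        return 0;                       /* empty name */
    if (strchr(name, '/'))
        return 0;                       /* the check quoted in the thread */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;                       /* directory entries, never job files */
    return 1;
}

/* Count the lines of a control file whose unlink request would be honored. */
int count_allowed(const char *const *lines, int n)
{
    int i, ok = 0;

    for (i = 0; i < n; i++)
        ok += unlink_allowed(lines[i]);
    return ok;
}

int main(void)
{
    /* Constructed control-file lines, not taken from a real job. */
    static const char *const cf[] = {
        "Hhost.example", "Pandre", "fdfA001host.example",
        "UdfA001host.example",          /* spool entry: allowed */
        "U/home/user/report.ps",        /* absolute path: skipped */
        "U../elsewhere/file",           /* leaves the spool dir: skipped */
        "U",                            /* empty name: skipped */
    };
    int i, n = (int)(sizeof cf / sizeof cf[0]);

    for (i = 0; i < n; i++)
        if (cf[i][0] == 'U')
            printf("%-26s %s\n", cf[i], unlink_allowed(cf[i]) ? "unlink" : "skip");
    printf("%d of %d lines honored\n", count_allowed(cf, n), n);
    return 0;
}
```

Because the names in a control file are supplied by whoever submitted the job, the check treats every name containing '/' as outside the spool directory and leaves it alone.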
