From: Andre Albsmeier
Message-Id: <199808151220.OAA17442@internal>
Subject: Re: Found reason why lpr -r -s doesn't work as expected
In-Reply-To: <199808142026.OAA17025@harmony.village.org> from Warner Losh at "Aug 14, 98 02:26:05 pm"
To: imp@village.org (Warner Losh)
Date: Sat, 15 Aug 1998 14:20:25 +0200 (CEST)
Cc: andre.albsmeier@mchp.siemens.de, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG

> In message <199808141807.UAA13224@internal> Andre Albsmeier writes:
> :         if (strchr(line+1, '/'))
> :                 continue;
> : This disables the removal of files starting with '/'. This was
> : introduced in version 1.14 according to the CVS log. However, I didn't
> : find an explanation why this change was made. Is it a security hole?
>
> Without this fix, people could remove any file on your system by
> having remote print access.

OK, and if remote access is disabled would it be safe? Have you got
any references how this exploit exactly works so I can figure out
what to do in order to be able to remove both files and without making
my machine insecure...

Thanks a lot,

	-Andre
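
Added example, not part of the original message and not the lpd source: a stand-alone C sketch of the quoted check applied to constructed control-file lines. It shows that the test skips any name containing a '/', not only names starting with one. The 'U' (unlink) line format follows RFC 1179; the names unlink_allowed and count_allowed and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Decide whether an unlink request from a spool control file would be
 * honoured under the quoted check. Assumption: the line is 'U' followed
 * by the file name, as in RFC 1179 control files. Nothing is deleted. */
static int unlink_allowed(const char *line)
{
    if (line[0] != 'U' || line[1] == '\0')
        return 0;                 /* not an unlink request, or empty name */
    if (strchr(line + 1, '/'))
        return 0;                 /* any slash: absolute or relative path */
    return 1;                     /* bare name, relative to the daemon's cwd */
}

/* Count honoured unlink requests in a NULL-terminated list of lines. */
static int count_allowed(const char *const *lines)
{
    int n = 0;
    for (; *lines; lines++)
        n += unlink_allowed(*lines);
    return n;
}

/* Constructed sample control-file lines (not from a real job). */
static const char *const sample[] = {
    "Hclient.example",
    "Pandre",
    "UdfA001client.example",      /* bare spool file name: allowed   */
    "U/home/andre/report.ps",     /* absolute path: skipped          */
    "U../other/dfA002",           /* relative path with '/': skipped */
    "Usub/dfA003",                /* any '/' at all: skipped         */
    NULL
};

int main(void)
{
    for (const char *const *l = sample; *l; l++)
        if ((*l)[0] == 'U')
            printf("%-28s %s\n", *l, unlink_allowed(*l) ? "unlink" : "skip");
    printf("honoured: %d\n", count_allowed(sample));
    return 0;
}
```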