Date: Sat, 15 Aug 1998 06:31:54 -0700
From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
To: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
Cc: imp@village.org (Warner Losh), freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: Found reason why lpr -r -s doesn't work as expected
Message-ID: <199808151331.GAA01035@cwsys.cwsent.com>
In-Reply-To: Your message of "Sat, 15 Aug 1998 14:20:25 +0200." <199808151220.OAA17442@internal>

> > In message <199808141807.UAA13224@internal> Andre Albsmeier writes:
> > :     if (strchr(line+1, '/'))
> > :             continue;
> > : This disables the removement of files starting with '/'. This was
> > : introduced in version 1.14 according to the CVS log. However, I didn't
> > : find an explanation why this change was made. Is it a security hole?
> >
> > Without this fix, people could remove any file on your system by
> > having remote print access.
>
> OK, and if remote access is disabled would it be safe? Have you got
> any references how this exploit exactly works so I can figure out
> what to do in order to be able to remove both files and without
> making my machine insecure...

No. By revoking remote access to your lpd, e.g. firewall, you would still have an exposure that local users could exploit, which in this case revoking access to local users would solve the problem. I think you get the picture...

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Open Systems Group          Internet:  cschuber@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Government of BC

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
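
Added example, not part of the original message or of the FreeBSD source: a C sketch of how the quoted `strchr(line+1, '/')` test filters removal requests, showing that it rejects any name containing a `/` (absolute or relative), not only names that start with one. It assumes the test is applied to `U` ("unlink after printing") lines of an lpd control file; the function names and the sample job are constructed, and nothing is actually deleted.

```c
#include <stdio.h>
#include <string.h>

/* Decide whether a control-file line names a file the daemon may unlink.
 * Assumption: 'U' marks an "unlink after printing" entry and the file
 * name follows the command character. */
int may_unlink(const char *line)
{
    if (line[0] != 'U' || line[1] == '\0')
        return 0;                 /* not an unlink request, or empty name */
    if (strchr(line + 1, '/'))
        return 0;                 /* the check quoted in the thread */
    return 1;                     /* plain name, resolved inside the spool dir */
}

/* Walk a NULL-terminated list of control-file lines, print the decision
 * for every 'U' entry and return how many would be unlinked. */
int count_unlinkable(const char *const lines[])
{
    int n = 0;
    for (size_t i = 0; lines[i] != NULL; i++) {
        if (lines[i][0] != 'U')
            continue;
        int ok = may_unlink(lines[i]);
        printf("%-26s %s\n", lines[i] + 1, ok ? "unlink" : "skip");
        n += ok;
    }
    return n;
}

/* Constructed control-file content, not taken from a real print job. */
static const char *const sample_cf[] = {
    "Hclient.example",
    "Pandre",
    "fdfA001client.example",
    "UdfA001client.example",    /* data file inside the spool directory */
    "U/etc/passwd",             /* absolute path supplied by the submitter */
    "U../../etc/passwd",        /* relative path leaving the spool directory */
    "U/home/andre/report.ps",   /* user's own file by absolute path (assumed
                                   to be the lpr -r -s case in the subject) */
    NULL
};

int main(void)
{
    printf("accepted: %d\n", count_unlinkable(sample_cf));
    return 0;
}
```

The last sample entry shows the trade-off discussed in the thread: the daemon cannot tell a legitimate request to remove the user's own file from a hostile path, so the check skips both.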