From: Cy Schubert - ITSD Open Systems Group
To: Andre Albsmeier
Cc: imp@village.org (Warner Losh), freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: Found reason why lpr -r -s doesn't work as expected
Date: Sat, 15 Aug 1998 06:31:54 -0700
Message-Id: <199808151331.GAA01035@cwsys.cwsent.com>
In-reply-to: Your message of "Sat, 15 Aug 1998 14:20:25 +0200." <199808151220.OAA17442@internal>

> > In message <199808141807.UAA13224@internal> Andre Albsmeier writes:
> > :         if (strchr(line+1, '/'))
> > :                 continue;
> > : This disables the removement of files starting with '/'. This was
> > : introduced in version 1.14 according to the CVS log. However, I didn't
> > : find an explanation why this change was made. Is it a security hole?
> >
> > Without this fix, people could remove any file on your system by
> > having remote print access.
>
> OK, and if remote access is disabled would it be safe? Have you got
> any references how this exploit exactly works so I can figure out
> what to do in order to be able to remove both files and without
> making my machine insecure...

No. By revoking remote access to your lpd, e.g. firewall, you would
still have an exposure that local users could exploit, which in this
case revoking access to local users would solve the problem. I think
you get the picture...

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Open Systems Group          Internet:  cschuber@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Government of BC
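The check discussed in this message, as an added example that is not part of the original thread and is not the FreeBSD lpd source. It assumes the check guards the 'U' (unlink) lines of an lpd control file; the function names, file names and control-file text are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Same test as the quoted check: a name with '/' could leave the spool dir. */
static int name_is_confined(const char *name)
{
    return name[0] != '\0' && strchr(name, '/') == NULL;
}

/* Walk control-file text; for each 'U' line unlink the name relative to
 * spool_fd. Returns files removed; *skipped counts rejected names. */
static int process_unlinks(int spool_fd, const char *cf, int *skipped)
{
    char line[256];
    int removed = 0;
    for (*skipped = 0; *cf != '\0'; ) {
        size_t n = strcspn(cf, "\n");
        int fits = n < sizeof(line);
        if (fits) { memcpy(line, cf, n); line[n] = '\0'; }
        cf += n + (cf[n] == '\n');
        if (!fits || line[0] != 'U')
            continue;                      /* overlong, or not an unlink line */
        if (!name_is_confined(line + 1)) { (*skipped)++; continue; }
        if (unlinkat(spool_fd, line + 1, 0) == 0) removed++;
    }
    return removed;
}

/* Constructed demo: a spool dir with one data file, plus a file outside it.
 * Returns removed*100 + skipped*10 + (1 if the outside file survived). */
static int run_demo(void)
{
    char top[] = "/tmp/lpdemoXXXXXX", path[64];
    int skipped, removed, fd, survived;
    if (mkdtemp(top) == NULL) return -1;
    snprintf(path, sizeof(path), "%s/spool", top);
    if (mkdir(path, 0700) != 0 || (fd = open(path, O_RDONLY | O_DIRECTORY)) < 0) return -1;
    close(openat(fd, "dfA001host", O_CREAT | O_WRONLY, 0600));
    close(openat(fd, "../victim", O_CREAT | O_WRONLY, 0600));
    removed = process_unlinks(fd, "Hhost\nPuser\nUdfA001host\nU../victim\n", &skipped);
    survived = faccessat(fd, "../victim", F_OK, 0) == 0;
    unlinkat(fd, "../victim", 0); close(fd); rmdir(path); rmdir(top);
    return removed * 100 + skipped * 10 + survived;
}
int main(void) { printf("%d\n", run_demo()); return 0; }
```

The names in a control file come from whoever submitted the job, local or remote, which is why the check applies regardless of how the job reached the daemon.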