From owner-freebsd-stable Sun Aug 16 07:45:52 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA17695 for freebsd-stable-outgoing; Sun, 16 Aug 1998 07:45:52 -0700 (PDT) (envelope-from owner-freebsd-stable@FreeBSD.ORG) Received: from david.siemens.de (david.siemens.de [192.35.17.14]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA17660 for ; Sun, 16 Aug 1998 07:45:38 -0700 (PDT) (envelope-from andre.albsmeier@mchp.siemens.de) X-Envelope-Sender-Is: andre.albsmeier@mchp.siemens.de (at relayer david.siemens.de) Received: from mail.siemens.de (salomon.siemens.de [139.23.33.13]) by david.siemens.de (8.9.1/8.9.1) with ESMTP id QAA23168 for ; Sun, 16 Aug 1998 16:45:05 +0200 (MET DST) Received: from curry.mchp.siemens.de (daemon@curry.mchp.siemens.de [146.180.31.23]) by mail.siemens.de (8.9.1/8.9.1) with ESMTP id QAA18406 for ; Sun, 16 Aug 1998 16:45:04 +0200 (MET DST) Received: (from daemon@localhost) by curry.mchp.siemens.de (8.8.8/8.8.8) id QAA24964 for ; Sun, 16 Aug 1998 16:45:02 +0200 (CEST) From: Andre Albsmeier Message-Id: <199808161444.QAA04591@internal> Subject: Re: Found reason why lpr -r -s doesn't work as expected In-Reply-To: <19980816162435K.kaj@interbizz.se> from Rasmus Kaj at "Aug 16, 98 04:24:35 pm" To: kaj@interbizz.se (Rasmus Kaj) Date: Sun, 16 Aug 1998 16:44:57 +0200 (CEST) Cc: andre.albsmeier@mchp.siemens.de, cschuber@uumail.gov.bc.ca, imp@village.org, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG, kaj@interbizz.se X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > >>>>> "AA" == Andre Albsmeier writes: > > >> No. By revoking remote access to your lpd, e.g. firewall, you would > >> still have an exposure that local users could exploit, which in this > >> case revoking access to local users would solve the problem. I think > >> you get the picture... > > AA> OK, thanks for the info. I have now changed printjob.c so that > AA> removing files containing '/' still is forbidden except when it > AA> starts with '/var/spool/samba/'. It's ugly but works. > > A 'serious' way to fix this (IMHO) would be to make lpd su to the user > that requested the printout before removing any file at all. But this > would probably be very hard to do ... Obvious catch: a remote user > might print without even having an account on the host where lpd > runns. I thought of similar things but haven't come to a handy solution yet... I don't know a lot about lpr/lpd interaction and how the cf files are created and how remote printing works in detail. But maybe one day I'll have a look at this. It's really annoying, especially because samba prints with 'lpr -r -s'... -Andre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message