Date: Fri, 10 Dec 1999 07:42:05 +0100 From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de> To: Alfred Perlstein <bright@wintelcom.net> Cc: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, Warner Losh <imp@village.org>, Garance A Drosihn <drosih@rpi.edu>, current@FreeBSD.ORG Subject: Re: NO! Re: [PATCHES] Two fixes for lpd/lpc for review and test Message-ID: <19991210074205.B12325@internal> In-Reply-To: <Pine.BSF.4.21.9912091427240.4557-100000@fw.wintelcom.net>; from bright@wintelcom.net on Thu, Dec 09, 1999 at 03:02:41PM -0800 References: <19991209153320.A62121@internal> <Pine.BSF.4.21.9912091427240.4557-100000@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 09-Dec-1999 at 15:02:41 -0800, Alfred Perlstein wrote:
> On Thu, 9 Dec 1999, Andre Albsmeier wrote:
>
> ...
>
> > For better reference, here is the current patch:
> >
> > *** lpr.c.ORI Thu Dec 9 15:30:18 1999
> > --- lpr.c Thu Dec 9 15:30:35 1999
> > ***************
> > *** 370,375 ****
> > --- 370,405 ----
> > }
> > if (sflag)
> > printf("%s: %s: not linked, copying instead\n", name, arg);
> > + /*
> > + * If lpr was invoked with -r we try to move the file to
> > + * be printed instead of copying and deleting it later.
> > + * This works if the file and lpd's spool directory are
> > + * on the same filesystem as it is often the case for files
> > + * printed by samba or pcnfsd. In this case, a lot of I/O
> > + * and temporary disk space can be avoided. Otherwise, we
> > + * will continue normally.
> > + */
> > + if (f) { /* file should be deleted */
> > + seteuid(euid); /* needed for rename() */
> > + if (!rename(arg, dfname)) {
> > + int i;
> > + #if 0
> > + chown(dfname, userid, getegid());
> > + chmod(dfname, S_IRUSR | S_IWUSR |
> > + S_IRGRP | S_IWGRP);
> > + #endif
> > + seteuid(uid); /* restore old uid */
> > + if (format == 'p')
> > + card('T', title ? title : arg);
> > + for (i = 0; i < ncopies; i++)
> > + card(format, &dfname[inchar-2]);
> > + card('U', &dfname[inchar-2]);
> > + card('N', arg);
> > + nact++;
> > + continue;
> > + }
> > + seteuid(uid); /* restore old uid */
> > + }
> > if ((i = open(arg, O_RDONLY)) < 0) {
> > printf("%s: cannot open %s\n", name, arg);
> > } else {
> >
> >
>
> I don't have too much time to think about this, argue me this:
Sure, please tell me if you don't want to get CC'ed on this anymore.
>
> why should I allow a user to print any file on the system?
>
> the race condition is still there.
Right :-(. The file won't be given to the user anymore but he can
print everything. However, there must be a solution for this...
>
> -Alfred
>
-Andre
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991210074205.B12325>