Date: Tue, 22 Jul 1997 18:56:09 -0600 From: Warner Losh <imp@rover.village.org> To: current@freebsd.org Subject: lpr/lpd changes Message-ID: <E0wqpir-0004dK-00@rover.village.org>
next in thread | raw e-mail | index | archive | help
I'm in the process of making a bunch of lpr/lpd security changes from OpenBSD. There have been a bunch since the last merge that I did. I'm doing this in stages to try to isolate where problems crop up. The first set is merging NetBSD/OpenBSD's seteuid() patches so that lpr/lpd runs at a minimum privs most of the time. A few buffer overflowish patches snuck in because they were close to the seteuid stuff in the diffs. I say NetBSD/OpenBSD because I can't tell for sure from the OpenBSD CVS tree where exactly they came from, but it looks like they modified them slightly from the NetBSD version (and I've not checked NetBSD to see if they have the same changes too). So no offense is intended if I have misattributed these patches, but I did my best to not do that. The next set will be a boatload of buffer overflows (some of which aren't possible, or are possible only as root, but some look dangerous). Please let me know if I've broken anything. Once these patches have been vetted in -current, I plan on merging back into 2.2. Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0wqpir-0004dK-00>