From owner-freebsd-questions  Sun Aug 16 07:28:50 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA15854
          for freebsd-questions-outgoing; Sun, 16 Aug 1998 07:28:50 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from sussie.datadesign.se (ns.datadesign.se [194.23.109.130])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA15827;
          Sun, 16 Aug 1998 07:28:37 -0700 (PDT)
          (envelope-from kaj@interbizz.se)
Received: from localhost (sussie.datadesign.se [194.23.109.130])
	by sussie.datadesign.se (8.8.5/8.8.7) with ESMTP id QAA16228;
	Sun, 16 Aug 1998 16:24:36 +0200 (MET DST)
To: andre.albsmeier@mchp.siemens.de
Cc: cschuber@uumail.gov.bc.ca, imp@village.org, freebsd-questions@FreeBSD.ORG,
        freebsd-stable@FreeBSD.ORG
Cc: kaj@interbizz.se
Subject: Re: Found reason why lpr -r -s doesn't work as expected
From: Rasmus Kaj <kaj@interbizz.se>
In-Reply-To: Your message of "Sun, 16 Aug 1998 15:45:28 +0200 (CEST)"
	<199808161345.PAA19691@internal>
References: <199808161345.PAA19691@internal>
X-Mailer: Mew version 1.92.4 on XEmacs 20.4 (Emerald)
X-URL: http://www.e.kth.se/~kaj/
X-Phone: +46 (0)8 - 692 35 09  /  +46 (0)70 640 49 14
X-Attribution: Kaj
X-Face: M9cR~WYav<"fu%MaslX0`43PAYY?uIsM8[#E(0\Xuy9rj>4gE\h3jm.7DD?]R8*^7T\o&vT
 U@[53Dwkuup4[0@gw#~kyu>`unH?kVj9CJa02(h>Ki\+i=%rn%sDf^KC.!?IHkKjMAbkd\jgmphp^'
 d|Q;OeXEAhq?ybGqOs1CHb6TJT42'C`Krnk61//AOfXtNjj/t'`5>Vw0QX!dKfOL$.f+S"LIuwR<;I
 Z0Qnnx(F^F]o@*V%TUtEV'1Z[TkOl^FFV9Z~A[b19%}uP*,huCU
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <19980816162435K.kaj@interbizz.se>
Date: Sun, 16 Aug 1998 16:24:35 +0200
X-Dispatcher: imput version 971024
Lines: 23
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>>>>> "AA" == Andre Albsmeier <andre.albsmeier@mchp.siemens.de> writes:

 >> No.  By revoking remote access to your lpd, e.g. firewall, you would 
 >> still have an exposure that local users could exploit, which in this 
 >> case revoking access to local users would solve the problem.  I think 
 >> you get the picture...

 AA> OK, thanks for the info. I have now changed printjob.c so that
 AA> removing files containing '/' still is forbidden except when it
 AA> starts with '/var/spool/samba/'. It's ugly but works. 

A 'serious' way to fix this (IMHO) would be to make lpd su to the user 
that requested the printout before removing any file at all. But this
would probably be very hard to do ... Obvious catch: a remote user
might print without even having an account on the host where lpd
runns.

// Rasmus

-- 
kaj@cityonline.se --------------- Rasmus Kaj - http://www.e.kth.se/~kaj/
 \               CityOnLine IB Production AB - http://www.CityOnLine.se/
  \------------------- HELP!  MY TYPEWRITER IS BROKEN! -- E. E. CUMMINGS

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message