Date:      Fri, 18 Sep 1998 15:33:18 +0200 (CEST)
From:      cejkar@dcse.fee.vutbr.cz
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   bin/7973: lpd: Bad control file owner in case of remote printing
Message-ID:  <199809181333.PAA04924@kazi.dcse.fee.vutbr.cz>


>Number:         7973
>Category:       bin
>Synopsis:       lpd: Bad control file owner in case of remote printing
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 18 11:20:02 PDT 1998
>Last-Modified:
>Originator:     Rudolf Cejka
>Organization:
FEE TU Brno, Czech Republic
>Release:        FreeBSD 2.2.7-STABLE, FreeBSD 3.0-CURRENT i386
>Environment:

	Originally found in FreeBSD 2.2.7-STABLE, but FreeBSD 3.0-CURRENT
	has the same problem.

>Description:

	Hard for me to explain this but...

	The problem is with the /var/spool/lpd/*/cf* control files. If a
	file is printed locally (via lpr), the cf* file is created with the
	right permissions: ls -l => -rw-rw---- 1 daemon daemon ... cf*.
	But if a file is printed remotely and the cf* files are created by
	lpd, they have bad permissions (owner root instead of daemon):
	ls -l => -rw-rw---- 1 root daemon ... cf*.

	It has bad impact on print filters ("if" in printcap) which
	extract some information from cf* control files. Filters
	are executed with these ids: uid=1 (daemon) gid=0 (wheel).
	They do not belong to wheel group.
	(Line "daemon:*:1:daemon" in /etc/group doesn't help!)
	So if file is received via network, print filter hasn't
	permissions for reading control files.

	(Patch changes root => daemon.)

>How-To-Repeat:
>Fix:
	
	Here is my simple patch for FreeBSD 2.2.7-STABLE:
	("$Id: recvjob.c,v 1.5.2.3 1997/10/06 04:21:33 imp Exp $";)

	(In FreeBSD 3.0-CURRENT it is very similar - only lines 106-107
	are unnecessary.)

*** recvjob.c.bad	Fri Sep 18 13:33:13 1998
--- recvjob.c	Fri Sep 18 14:41:14 1998
***************
*** 79,85 ****
  static int        noresponse __P((void));
  static void       rcleanup __P((int));
  static int        read_number __P((char *));
! static int        readfile __P((char *, int));
  static int        readjob __P((void));
  
  
--- 79,85 ----
  static int        noresponse __P((void));
  static void       rcleanup __P((int));
  static int        read_number __P((char *));
! static int        readfile __P((char *, int, int));
  static int        readjob __P((void));
  
  
***************
*** 103,108 ****
--- 103,110 ----
  		LF = _PATH_CONSOLE;
  	if (cgetstr(bp, "sd", &SD) == -1)
  		SD = _PATH_DEFSPOOL;
+ 	if (cgetnum(bp, "du", &DU) < 0)
+ 		DU = DEFUID;
  	if (cgetstr(bp, "lo", &LO) == -1)
  		LO = DEFLOCK;
  
***************
*** 188,194 ****
  				(void) write(1, "\2", 1);
  				continue;
  			}
! 			if (!readfile(tfname, size)) {
  				rcleanup(0);
  				continue;
  			}
--- 190,196 ----
  				(void) write(1, "\2", 1);
  				continue;
  			}
! 			if (!readfile(tfname, size, 1)) {
  				rcleanup(0);
  				continue;
  			}
***************
*** 214,220 ****
  			if (strchr(dfname, '/'))
  				frecverr("readjob: %s: illegal path name",
  					dfname);
! 			(void) readfile(dfname, size);
  			continue;
  		}
  		frecverr("protocol screwup: %s", line);
--- 216,222 ----
  			if (strchr(dfname, '/'))
  				frecverr("readjob: %s: illegal path name",
  					dfname);
! 			(void) readfile(dfname, size, 0);
  			continue;
  		}
  		frecverr("protocol screwup: %s", line);
***************
*** 225,233 ****
   * Read files send by lpd and copy them to the spooling directory.
   */
  static int
! readfile(file, size)
  	char *file;
  	int size;
  {
  	register char *cp;
  	char buf[BUFSIZ];
--- 227,236 ----
   * Read files send by lpd and copy them to the spooling directory.
   */
  static int
! readfile(file, size, grant)
  	char *file;
  	int size;
+ 	int grant;
  {
  	register char *cp;
  	char buf[BUFSIZ];
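Review bot: The comment above readfile() is left unchanged although the function now takes a third argument, and neither the name `grant` nor the bare `1`/`0` passed in the `tfname` and `dfname` calls says what is being granted. I would extend the comment with a line such as `If grant is nonzero, ownership of the new file is given to uid DU (used for control files).` and consider a more descriptive parameter name, for example `chown_to_du`. The body of readfile continues past the end of this hunk.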
***************
*** 237,242 ****
--- 240,247 ----
  	fd = open(file, O_CREAT|O_EXCL|O_WRONLY, FILMOD);
  	if (fd < 0)
  		frecverr("readfile: %s: illegal path name: %m", file);
+ 	if (grant)
+ 		(void) fchown(fd, DU, -1); /* owned by daemon for protection */
  	ack();
  	err = 0;
  	for (i = 0; i < size; i += BUFSIZ) {
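Review bot: The added `(void) fchown(fd, DU, -1)` discards the result, so if the call fails the control file stays owned by root and the filter read failure described in the report returns with nothing logged. Because the call sits before `ack()`, the failure can be recorded or treated as an error before the sender is acknowledged, for example `if (grant && fchown(fd, DU, -1) < 0) syslog(LOG_ERR, "readfile: %s: fchown: %m", file);` (assuming syslog is usable here, as the `%m` in the frecverr call suggests). Using fchown on the just-created descriptor rather than chown on the peer-supplied file name is the right choice and should be kept. DU's declaration is not visible in the patch: it presumably has to be a `long` for the `cgetnum` call added in the earlier hunk, its value reaches fchown without a range check, and readfile's body continues outside this hunk.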
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message


