Date: Fri, 18 Sep 1998 15:33:18 +0200 (CEST) From: cejkar@dcse.fee.vutbr.cz To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/7973: lpd: Bad control file owner in case of remote printing Message-ID: <199809181333.PAA04924@kazi.dcse.fee.vutbr.cz>
next in thread | raw e-mail | index | archive | help
>Number: 7973 >Category: bin >Synopsis: lpd: Bad control file owner in case of remote printing >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Sep 18 11:20:02 PDT 1998 >Last-Modified: >Originator: Rudolf Cejka >Organization: FEE TU Brno, Czech Republic >Release: FreeBSD 2.2.7-STABLE, FreeBSD 3.0-CURRENT i386 >Environment: Originally found in FreeBSD 2.2.7-STABLE, but FreeBSD 3.0-CURRENT has the same problem. >Description: Hard for me to explain this but... Problem is with /var/spool/lpd/*/cf* control files. If file is printed locally (via lpr), cf* file is created with right permissions: ls -l => -rw-rw---- 1 daemon daemon ... cf*. But if file is printed remotely and cf* are creates by lpd, cf* files have bad permissions: ls -l => -rw-rw---- 1 root daemon ... cf*. It has bad impact on print filters ("if" in printcap) which extract some information from cf* control files. Filters are executed with these ids: uid=1 (daemon) gid=0 (wheel). They do not belong to wheel group. (Line "daemon:*:1:daemon" in /etc/group doesn't help!) So if file is received via network, print filter hasn't permissions for reading control files. (Patch changes root => daemon.) >How-To-Repeat: >Fix: Here is my simple patch for FreeBSD 2.2.7-STABLE: ("$Id: recvjob.c,v 1.5.2.3 1997/10/06 04:21:33 imp Exp $";) (In FreeBSD 3.0-CURRENT it is very similar - only lines 106-107 are unnecessary.) *** recvjob.c.bad Fri Sep 18 13:33:13 1998 --- recvjob.c Fri Sep 18 14:41:14 1998 *************** *** 79,85 **** static int noresponse __P((void)); static void rcleanup __P((int)); static int read_number __P((char *)); ! static int readfile __P((char *, int)); static int readjob __P((void)); --- 79,85 ---- static int noresponse __P((void)); static void rcleanup __P((int)); static int read_number __P((char *)); ! static int readfile __P((char *, int, int)); static int readjob __P((void)); *************** *** 103,108 **** --- 103,110 ---- LF = _PATH_CONSOLE; if (cgetstr(bp, "sd", &SD) == -1) SD = _PATH_DEFSPOOL; + if (cgetnum(bp, "du", &DU) < 0) + DU = DEFUID; if (cgetstr(bp, "lo", &LO) == -1) LO = DEFLOCK; *************** *** 188,194 **** (void) write(1, "\2", 1); continue; } ! if (!readfile(tfname, size)) { rcleanup(0); continue; } --- 190,196 ---- (void) write(1, "\2", 1); continue; } ! if (!readfile(tfname, size, 1)) { rcleanup(0); continue; } *************** *** 214,220 **** if (strchr(dfname, '/')) frecverr("readjob: %s: illegal path name", dfname); ! (void) readfile(dfname, size); continue; } frecverr("protocol screwup: %s", line); --- 216,222 ---- if (strchr(dfname, '/')) frecverr("readjob: %s: illegal path name", dfname); ! (void) readfile(dfname, size, 0); continue; } frecverr("protocol screwup: %s", line); *************** *** 225,233 **** * Read files send by lpd and copy them to the spooling directory. */ static int ! readfile(file, size) char *file; int size; { register char *cp; char buf[BUFSIZ]; --- 227,236 ---- * Read files send by lpd and copy them to the spooling directory. */ static int ! readfile(file, size, grant) char *file; int size; + int grant; { register char *cp; char buf[BUFSIZ]; *************** *** 237,242 **** --- 240,247 ---- fd = open(file, O_CREAT|O_EXCL|O_WRONLY, FILMOD); if (fd < 0) frecverr("readfile: %s: illegal path name: %m", file); + if (grant) + (void) fchown(fd, DU, -1); /* owned by daemon for protection */ ack(); err = 0; for (i = 0; i < size; i += BUFSIZ) { >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809181333.PAA04924>