Date: Fri, 1 Nov 1996 17:07:32 -0800 (PST) From: Doug White <dwhite@gdi.uoregon.edu> To: "S(pork)" <spork@super-g.com> Cc: freebsd-questions@freebsd.org Subject: Re: lpr hole Message-ID: <Pine.BSI.3.94.961101170624.4938I-100000@gdi.uoregon.edu> In-Reply-To: <Pine.LNX.3.92.961030091845.12397A-100000@super-g.inch.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 30 Oct 1996, S(pork) wrote: > I recently found an exploit for lpr that will allow root access by anyone > with an account on the system. As far as I know, this affects all FBSD. > A temp fix is to chmod -s it, but I wonder if anyone has a patch for this. > The exploit itself has been around for a while, but it seems to be > resurfacing (as they always do) and coming into vogue... From what I > gather it's some sort of race/overflow thing that makes lpr make you a > nice little root owned SUID shell. I also have a few other little things > I've found; is there any sort of security related list/archive for FBSD? > CERT is so ridiculously behind on these things it's not even funny. This came up on PLP list. Apparently that is a long-known bug. If you use a replacement lpr (for example LPRng which I have here) it is more careful to not run as root and that can limit the damage. Doug White | University of Oregon Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant http://gladstone.uoregon.edu/~dwhite | Computer Science Major
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.94.961101170624.4938I-100000>