Servere bug in lp(1) - also security violater
Peter da Silva
peter at ficc.ferranti.com
Tue Apr 16 07:17:25 AEST 1991
In article <1950 at ahds.UUCP> dick at ahds.UUCP (Dick Heijne CCS/TS) writes:
> lp works with a scheduler (lpr didn't), which is suid'd/sgid'd
> to itself (i.e. lp/lp or lp/bin, varies per manufacturer), thus
> arranging that private files CANNOT be printed,
Problem 1 is a major boner, but this can be handled just by doing:
cat file | lp
> 1. Who can tell me a way to get the sources of lpsched in order to
> get rid of at least problem 1.
There are a couple of PD, freeware, or GNUware spoolers out there in the
various comp.sources.* archives.
> 3. How to inform/discuss with the RIGHT people at AT&T (or Unix
> Foundation or so it is called now, I think) to get rid of these
> problems in the very near future
Ha. ha. ha. ha. ha. They can't even be convinced to get a summer student
to run through the sources replacing "cannot open FROBOZZ" with at *least*
perror.
--
Peter da Silva. `-_-' peter at ferranti.com
+1 713 274 5180. 'U` "Have you hugged your wolf today?"
More information about the Comp.bugs.sys5
mailing list