Did anyone else get the RH security advisory re:lpr lpd permissions ?
Does Mandrake follow up with mdk-versions on this or is it a non-issue
with this distribution?
Will installing such updates from redhat cause probs as in the Oct-Gnome
release?
"There are two problems in the lpr and lpd programs. By
exploiting a race between the access check and the actual
file opening, it is potentially possible to have lpr read
a file as root that the user does not have access to. Also,
the lpd program would blindly open queue files as root; by
use of the '-s' flag to lpr, it was possible to have lpd print
files that the user could not access."
I have noticed on ocassion RH posted updates but not always subsequent
updates by Mandrake. This is a very "grey area" for me?
William Bouterse
Juneau Alaska
