On Sun, 9 Jul 2000 [EMAIL PROTECTED] wrote:
> Lars Kellogg-Stedman <[EMAIL PROTECTED]> was asking why
> the 'lpd -L file' option required the file to exist.
>
> As part of the reply, I explained that:
>
> if lpd was installed SETUID root
> AND
> if the user was able to do 'lpd -L /..../file'
> AND
> the file was writeable by the user that 'lpd' was running
> as
>
> THEN the file would have junk appended to the end of it.
>
> This is the reason why you do not install lpd SETUID root.
>
> So if you have your 'lpd' program installed 'setuid root' then
> I recommend that you remove the setuid ASAP.
I have LPRng 3.6.12 installed, and it appears that:
lpd
lpc
lpq
lpr
lprm
lpstat
are suid root. I have just removed suid from lpd. Do any of these other
utilities need to be suid? What are the consequences of removing suid on
each of these?
I don't have any local users on this machine, but I do call some of these
programs from perl cgi scripts and from samba/netatalk.
Does lpstat do anything which lpq doesn't? Is this just a replacement for
systems which have lpstat normally?
Thanks,
Andy
-----------------------------------------------------------------------------
If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
or lprng-digest-requests) with the word 'help' in the body. For the impatient,
to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED]
with: | example:
subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED]
unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED]
If you have major problems, send email to [EMAIL PROTECTED] with the word
LPRNGLIST in the SUBJECT line.
-----------------------------------------------------------------------------
