Please do not use LPRng 3.7.5, 3.7.6. There is a possible
security problem with them.
Details:
In fixing a problem with 'additional groups' I wrote a routine
that got the group for use when running as a server and then set
the group and additional groups. This 'setgroup' should be done
ONLY for 'lpd'. The code that is in 3.7.5 and 3.7.6 does it for
lpq and lpr as well.
There is a possibility that by using this users could access files
for which the lpd user ('daemon' by default and 'lp' by on most
RedHat RPM installations) could read files which had group ownership
'daemon' (or lp).
Patrick ("Doh! I knew that! Dumb! Dumb!") Powell
-----------------------------------------------------------------------------
YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
The address you post from MUST be your subscription address
If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
or lprng-digest-requests) with the word 'help' in the body. For the impatient,
to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED]
with: | example:
subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED]
unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED]
If you have major problems, send email to [EMAIL PROTECTED] with the word
LPRNGLIST in the SUBJECT line.
-----------------------------------------------------------------------------
