Xref: utzoo comp.bugs.sys5:1509 comp.bugs.4bsd:1796
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!caen!news.cs.indiana.edu!nstn.ns.ca!uupsi!ficc!peter
From: peter@ficc.ferranti.com (Peter da Silva)
Newsgroups: comp.bugs.sys5,comp.bugs.4bsd
Subject: Re: Servere bug in lp(1) - also security violater
Keywords: sort bug
Message-ID: <R0RA501@xds13.ferranti.com>
Date: 15 Apr 91 21:17:25 GMT
References: <1991Apr11.031926.19901@cs.uow.edu.au> <1950@ahds.UUCP>
Reply-To: peter@ficc.ferranti.com (Peter da Silva)
Organization: Xenix Support, FICC
Lines: 25

In article <1950@ahds.UUCP> dick@ahds.UUCP (Dick Heijne CCS/TS) writes:
> 	   lp works with a scheduler (lpr didn't), which is suid'd/sgid'd
> 	   to itself (i.e. lp/lp or lp/bin, varies per manufacturer), thus
> 	   arranging that private files CANNOT be printed,

Problem 1 is a major boner, but this can be handled just by doing:

	cat file | lp

> 	1. Who can tell me a way to get the sources of lpsched in order to
> 	   get rid of at least problem 1.

There are a couple of PD, freeware, or GNUware spoolers out there in the
various comp.sources.* archives.

> 	3. How to inform/discuss with the RIGHT people at AT&T (or Unix
> 	   Foundation or so it is called now, I think) to get rid of these
> 	   problems in the very near future

Ha. ha. ha. ha. ha. They can't even be convinced to get a summer student
to run through the sources replacing "cannot open FROBOZZ" with at *least*
perror.
-- 
Peter da Silva.  `-_-'  peter@ferranti.com
+1 713 274 5180.  'U`  "Have you hugged your wolf today?"