Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1a 12/4/83; site rlgvax.UUCP
Path: utzoo!linus!decvax!harpo!seismo!rlgvax!guy
From: guy@rlgvax.UUCP (Guy Harris)
Newsgroups: net.bugs
Subject: Re: XENIX 1.3 and usr/spool - bug in V7/S3 spooler
Message-ID: <1548@rlgvax.UUCP>
Date: Sat, 14-Jan-84 15:55:10 EST
Article-I.D.: rlgvax.1548
Posted: Sat Jan 14 15:55:10 1984
Date-Received: Sun, 15-Jan-84 06:00:47 EST
References: <4902@uiucdcs.UUCP>
Organization: CCI Office Systems Group, Reston, VA
Lines: 19

This looks like an extra link made to "/usr" in "/usr/spool/lpd" (the
"lfaXXXXX" files are made when a print job is queued and the file to
be printed is on the same file system as "/usr/spool/lpd").  The
S3 spooler (the V7 spooler is almost identical) does *not* check whether
a file to be printed is a directory, and it may run set-UID to root, so it
can (and probably will) make a link to that directory in "/usr/spool/lpd"
if that directory is on the same file system.  So if somebody says

	lpr /usr

this could happen, and would confuse the heck out of UNIX.  Those spoolers
should probably be modified to refuse to print a directory - since directories
are binary files, I can't imagine any printer which would do something
meaningful if you shoved the contents of that directory file a byte at a time
to them.  Any other spoolers which make links like this should also be fixed
in the same fashion.

	Guy Harris
	{seismo,ihnp4,allegra}!rlgvax!guy