Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!mcvax!inria!axis!philip
From: philip@axis.fr (Philip Peake)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SysV lp spooler a security hole
Message-ID: <297@axis.fr>
Date: Mon, 7-Sep-87 16:41:08 EDT
Article-I.D.: axis.297
Posted: Mon Sep 7 16:41:08 1987
Date-Received: Thu, 10-Sep-87 06:45:09 EDT
References: <313@pvab.UUCP>
Organization: Axis Digital, Paris
Lines: 13
Summary: Standard input
Xref: mnetor comp.unix.questions:3955 comp.bugs.sys5:191

In article <313@pvab.UUCP>, robert@pvab.UUCP (Robert Claeson) writes:
> The System V print spooler runs as a SUID 'lp' command, which
> means that the files I want to print must be readable by others or,
> if I'm lucky, by the group. This implies that anyone on the system
> will be able to print, copy or read the files I want to be able
> to print.

You feed your program to lp on its standard input.
Only you have to be able to read the file to do this.
The file will then be copied into a spool directory readable only by lp.
No problem.

Philip