Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!hao!oddjob!gargoyle!ihnp4!ihlpe!daryl
From: daryl@ihlpe.ATT.COM (Daryl Monge)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SysV lp spooler a security hole
Message-ID: <2028@ihlpe.ATT.COM>
Date: Wed, 9-Sep-87 00:09:31 EDT
Article-I.D.: ihlpe.2028
Posted: Wed Sep  9 00:09:31 1987
Date-Received: Thu, 10-Sep-87 07:15:37 EDT
References: <313@pvab.UUCP> <193@sortac.UUCP>
Organization: Engineering Design Process Department, AT&T Bell Labs
Lines: 20
Summary: fix it
Xref: mnetor comp.unix.questions:3959 comp.bugs.sys5:194

In article <193@sortac.UUCP>, pls@sortac.UUCP (Pat Sullivan) writes:
> In article <313@pvab.UUCP> robert@pvab.UUCP (Robert Claeson) writes:
> >The System V print spooler runs as a SUID 'lp' command, which
> >means that the files I want to print must be readable by others
>
> Not really; all you need to do is "lp < secretstuff".
>

There were several responses to this, all of which missed the point:
in my opinion, THIS IS A BUG IN LP.

Let's supply some possible solutions, since this is a more general
problem in UNIX land.  One possibility is to open the file and
fork/exec a subprocess that is setuid that does the I/O.  Drawbacks
include performance problems.

Further comments?

Daryl Monge				UUCP:	...!ihnp4!ihcae!daryl
AT&T					CIS:	72717,65
Bell Labs, Naperville, Ill		AT&T	312-979-3603
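The following is an added example, written for this page and not part of Daryl's post or of the System V lp code, showing the mechanism that both "lp < secretstuff" and the open-then-fork/exec proposal rely on: the file is opened by the user's own (unprivileged) process, and the open descriptor is inherited across fork/exec, so the process that actually does the I/O never needs read permission on the file and a mode-0600 file prints fine. It assumes a POSIX system with /bin/cat, which stands in for the spooler back end because a real setuid bit cannot be set without root; the file name, helper names and the sample contents are constructed for the demonstration.

```c
/* Added example: open the job file with the caller's credentials, then
 * hand only that descriptor to a separately exec'd "spooler".  /bin/cat
 * stands in for the setuid back end (assumption: no root available). */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Make `from` appear as descriptor `to` in the child and ensure it is
 * NOT close-on-exec, so it is the one descriptor that survives exec. */
static int move_fd(int from, int to)
{
    if (from == to)
        return fcntl(to, F_SETFD, 0);   /* clear FD_CLOEXEC */
    if (dup2(from, to) < 0)             /* dup2 result is never CLOEXEC */
        return -1;
    close(from);
    return 0;
}

/* Open `path` as the caller, fork/exec a spooler that reads the already
 * open descriptor on its stdin, and collect the spooler's stdout into
 * `out`.  Returns bytes captured, or -1 on any failure. */
ssize_t spool_via_fd(const char *path, char *out, size_t cap)
{
    /* O_CLOEXEC: nothing else in our descriptor table leaks to the child. */
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* Validate the descriptor itself, never the pathname (no re-open,
     * no race): only a regular file goes to the privileged side. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }

    int pfd[2];
    if (pipe(pfd) != 0) {
        close(fd);
        return -1;
    }

    pid_t pid = fork();
    if (pid < 0) {
        close(fd); close(pfd[0]); close(pfd[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child: job file -> stdin, pipe -> stdout, then exec the "spooler". */
        if (move_fd(fd, STDIN_FILENO) < 0 || move_fd(pfd[1], STDOUT_FILENO) < 0)
            _exit(127);
        close(pfd[0]);
        execl("/bin/cat", "cat", (char *)NULL);  /* would be the setuid lp back end */
        _exit(127);
    }

    /* Parent: drop our copies and read back what the spooler received. */
    close(fd);
    close(pfd[1]);
    size_t n = 0;
    for (;;) {
        ssize_t r = read(pfd[0], out + n, cap - 1 - n);
        if (r <= 0 || (n += (size_t)r) >= cap - 1)
            break;
    }
    close(pfd[0]);
    out[n] = '\0';

    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return (ssize_t)n;
}

/* Constructed sample data: a mode-0600 file only the owner can read.
 * Returns a malloc'd path the caller unlinks and frees, or NULL. */
char *make_private_file(const char *text)
{
    char *path = strdup("/tmp/secretstuff.XXXXXX");
    int fd = path ? mkstemp(path) : -1;   /* mkstemp creates the file 0600 */
    if (fd < 0) { free(path); return NULL; }
    size_t len = strlen(text);
    if (write(fd, text, len) != (ssize_t)len) { close(fd); unlink(path); free(path); return NULL; }
    close(fd);
    return path;
}

/* Round-trip check: 1 if the private file reaches the child intact. */
int demo_roundtrip(void)
{
    const char *job = "top secret print job\n";
    char *path = make_private_file(job);
    if (!path) return 0;
    char buf[256];
    ssize_t n = spool_via_fd(path, buf, sizeof buf);
    unlink(path);
    free(path);
    return n == (ssize_t)strlen(job) && strcmp(buf, job) == 0;
}

int main(void)
{
    printf(demo_roundtrip() ? "private file spooled via inherited fd\n"
                            : "spooling failed\n");
    return 0;
}
```

The point to carry over to a real spooler is in `spool_via_fd`: the privileged side must work on the descriptor it was handed (fstat, read) and never re-open the job by name, since re-opening by pathname both reintroduces the "must be readable by lp" problem and opens a window for the file to be swapped under it; O_CLOEXEC on everything else keeps the privileged child from inheriting descriptors it has no business holding. The cost Daryl mentions is visible too: one extra fork/exec per job.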