Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!rutgers!ames!ptsfa!ihnp4!homxb!whuts!picuxa!tgr
From: tgr@picuxa.UUCP (Dr. Emilio Lizardo)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SysV lp spooler a security hole
Message-ID: <298@picuxa.UUCP>
Date: Wed, 9-Sep-87 14:09:47 EDT
Article-I.D.: picuxa.298
Posted: Wed Sep  9 14:09:47 1987
Date-Received: Fri, 11-Sep-87 07:16:09 EDT
References: <313@pvab.UUCP> <193@sortac.UUCP> <7233@e.ms.uky.edu>
Organization: Trenton Home for the Criminally Insane
Lines: 32
Summary: use -t
Xref: mnetor comp.unix.questions:3973 comp.bugs.sys5:199

In article <7233@e.ms.uky.edu>, david@ms.uky.edu (David Herron -- Resident E-mail Hack) writes:
| In article <193@sortac.UUCP> pls@sortac.UUCP (Pat Sullivan) writes:
| >In article <313@pvab.UUCP> robert@pvab.UUCP (Robert Claeson) writes:
| >>
| >>  [ stuff about lp'd files must be readable; hence, no security
| >>
| >Not really; all you need to do is "lp < secretstuff".
| 
| Sorry, this isn't acceptible.  I want to have the file name on the
| banner page and "lp" has no way of finding out the file name.

Sorry, not an acceptable exception. Use "lp -tfile <file" to banner
the filename.  If that's too much typing, write an alias into your
environment. 

| Why can't lp do some IPC to a priviledged process to tell it 
| to print things?

If not done correctly, this would allow anyone to print any file!  The
security exists (although you have to do some extra work to get it);
why kludge the code and add more processes when you can hack the
stuff into your shell?


Seriously, in our environment, the biggest security hole caused by lp
is usually because the sysadm didn't disable the password entry for
lp (or bin or daemon or ...).
-- 
Tom Gillespie  ( ...ihnp4!picuxa!tgr) | (attmail!tgillespie) (201) 952-1178
AT&T/EDS Product Integration Center  299 Jefferson Rd. Parsippany NJ 07054

"Don't take life so serious ... it ain't nohow permanent."  -- Walt Kelly