Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!mcvax!enea!pvab!robert
From: robert@pvab.UUCP (Robert Claeson)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SysV lp spooler a security hole
Message-ID: <319@pvab.UUCP>
Date: Thu, 10-Sep-87 05:53:26 EDT
Article-I.D.: pvab.319
Posted: Thu Sep 10 05:53:26 1987
Date-Received: Sat, 12-Sep-87 15:32:06 EDT
References: <313@pvab.UUCP> <193@sortac.UUCP> <7233@e.ms.uky.edu>
Organization: Statskonsult Programvaruhuset AB, Sweden
Lines: 24
Xref: mnetor comp.unix.questions:3997 comp.bugs.sys5:208

In article <7233@e.ms.uky.edu>, david@ms.uky.edu (David Herron -- Resident E-mail Hack) writes:

> In article <193@sortac.UUCP> pls@sortac.UUCP (Pat Sullivan) writes:

> >In article <313@pvab.UUCP> robert@pvab.UUCP (Robert Claeson) writes:

> >>... anyone on the system
> >>will be able to print, copy or read the files ...

> >Not really; all you need to do is "lp < secretstuff".

> Sorry, this isn't acceptible.  I want to have the file name on the
> banner page and "lp" has no way of finding out the file name.
> 
> Why can't lp do some IPC to a priviledged process to tell it 
> to print things?

Yeah, have it talk to Berkeley's 'lpd' daemon. Then it will be able to
spool things over the network to other hosts, communication servers
or printer servers too.
-- 
Robert Claeson, System Administrator, PVAB, Box 4040, S-171 04 Solna, Sweden
eunet: robert@pvab
uucp:  sun!enea!pvab!robert