Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!cmcl2!rutgers!ames!elroy!mahendo!jplgodo!wlbr!scgvaxd!stb!michael
From: michael@stb.UUCP (Michael)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SysV lp spooler a security hole
Message-ID: <147@stb.UUCP>
Date: Fri, 11-Sep-87 15:36:23 EDT
Article-I.D.: stb.147
Posted: Fri Sep 11 15:36:23 1987
Date-Received: Sun, 13-Sep-87 09:49:02 EDT
References: <313@pvab.UUCP> <1284@mhres.mh.nl> <1986@kitty.UUCP>
Reply-To: michael@stb.UUCP (Michael)
Organization: STB BBS, LA, CA, USA, 90402, (213) 459-7231
Lines: 18
Xref: mnetor comp.unix.questions:4034 comp.bugs.sys5:216

If you are having problems with a setuid program not being able to acess files,
there is an old and working workaround: The set-G-id bit.

Try this:
	chown bin lp; chgrp lp lp; chmod 02755 lp
and
	chgrp lp /usr/spool/lpd; chmod g+w /usr/spool/lpd

Then lpr can queue files in lpd, but still read files based on the owner
permissions.

Note: lpr is not the only program with this problem. See at, several games,
and many others.

			Michael Gersten
-- 
: Michael Gersten		seismo!scgvaxd!stb!michael
: Copy protection? Just say "Off site backup"