Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!husc6!mit-eddie!ll-xn!ames!oliveb!pyramid!uccba!hal!ncoast!allbery From: allbery@ncoast.UUCP (Brandon Allbery) Newsgroups: comp.unix.questions,comp.bugs.sys5 Subject: Re: SysV lp spooler a security hole Message-ID: <4509@ncoast.UUCP> Date: Sat, 12-Sep-87 15:43:34 EDT Article-I.D.: ncoast.4509 Posted: Sat Sep 12 15:43:34 1987 Date-Received: Wed, 16-Sep-87 01:39:10 EDT References: <313@pvab.UUCP> <6410@brl-smoke.ARPA> Reply-To: allbery@ncoast.UUCP (Brandon Allbery) Followup-To: comp.unix.questions Organization: Cleveland Public Access UN*X, Cleveland, Oh Lines: 19 Xref: mnetor comp.unix.questions:4074 comp.bugs.sys5:220 As quoted from <6410@brl-smoke.ARPA> by gwyn@brl-smoke.ARPA (Doug Gwyn ): +--------------- | In article <313@pvab.UUCP> robert@pvab.UUCP (Robert Claeson) writes: | I don't know much about System V "lp" (we use MDQS), but just because | the spooler is set-UID non-root does NOT necessarily imply a security | hole. System V is capable of switching back and forth between the real | UID and the effective UID as required; if the spooler is correctly +--------------- But lp doesn't use it, at least on Plexus sys3 (yes, it has the System V spooler) and Plexus sys5, both AT&T UNIX but neither of which has the uid swapping. -- Brandon S. Allbery, moderator of comp.sources.misc {{harvard,mit-eddie}!necntc,well!hoptoad,sun!mandrill!hal}!ncoast!allbery ARPA: necntc!ncoast!allbery@harvard.harvard.edu Fido: 157/502 MCI: BALLBERY <> All opinions in this message are random characters produced when my cat jumped (-: up onto the keyboard of my PC. :-)