Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!sunybcs!boulder!hao!oddjob!gargoyle!ihnp4!homxb!mtuxo!mtune!codas!killer!academ!uhnix1!sugar!peter
From: peter@sugar.UUCP
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SysV lp spooler a security hole
Message-ID: <713@sugar.UUCP>
Date: Sat, 12-Sep-87 11:01:26 EDT
Article-I.D.: sugar.713
Posted: Sat Sep 12 11:01:26 1987
Date-Received: Sat, 19-Sep-87 06:47:45 EDT
References: <313@pvab.UUCP> <193@sortac.UUCP> <2028@ihlpe.ATT.COM> <27485@sun.uucp>
Organization: Sugar Land UNIX - Houston, TX
Lines: 13
Xref: utgpu comp.unix.questions:3694 comp.bugs.sys5:221
Summary: Wow, everyone's missing the point again...

The problem with the various schemes that involve doing setuids and reading
the files is that when you normally run lp...

	lp does not copy the file

It just sticks the file name in the spool directory. Saves bundles of disk
space. The only times it copies the file are:

	(a) The file is standard input, or
	(b) you specify the "-c" option on the command line.
-- 
-- Peter da Silva `-_-' ...!hoptoad!academ!uhnix1!sugar!peter
--                 'U`      ^^^^^^^^^^^^^^ Not seismo!soma (blush)