Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!mcvax!mhres!jv
From: jv@mhres.mh.nl (Johan Vromans)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SysV lp spooler a security hole
Message-ID: <1284@mhres.mh.nl>
Date: Mon, 7-Sep-87 04:18:27 EDT
Article-I.D.: mhres.1284
Posted: Mon Sep  7 04:18:27 1987
Date-Received: Tue, 8-Sep-87 01:48:44 EDT
References: <313@pvab.UUCP>
Organization: Multihouse N.V., The Netherlands
Lines: 25
Summary: use stdin
Xref: mnetor comp.unix.questions:3923 comp.bugs.sys5:185

In article <313@pvab.UUCP> robert@pvab.UUCP (Robert Claeson) writes:
>The System V print spooler runs as a SUID 'lp' command, which
>means that the files I want to print must be readable by others ...

I have encountered this question very often, and there is an easy
solution to it. Instead of using "lp filename" (which indeed requires the
indicated path to be accessible by the lp owner), you can use
"lp < filename". If you can read the file, you can print it this way.

>Shouldn't the System V print spooler be considered as a serious security
>hole?

Don't think so. See the above solution.

> Will it ever fit into a "secret" UNIX system?
                           ^^^^^^
I quess you mean "secure" UNIX. Although a "secret" UNIX could be
interesting ...



-- 
Johan Vromans                              | jv@mh.nl via European backbone
Multihouse N.V., Gouda, the Netherlands    | uucp: ..{?????!}mcvax!mh.nl!jv
"It is better to light a candle than to curse the darkness"