Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!kitty!larry
From: larry@kitty.UUCP (Larry Lippman)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SysV lp spooler a security hole
Message-ID: <1986@kitty.UUCP>
Date: Tue, 8-Sep-87 00:28:05 EDT
Article-I.D.: kitty.1986
Posted: Tue Sep 8 00:28:05 1987
Date-Received: Tue, 8-Sep-87 06:33:06 EDT
References: <313@pvab.UUCP> <1284@mhres.mh.nl>
Organization: Recognition Research Corp., Clarence, NY
Lines: 65
Summary: Comments on security and a few other lp spooler suggestions
Xref: mnetor comp.unix.questions:3931 comp.bugs.sys5:186

In article <1284@mhres.mh.nl>, jv@mhres.mh.nl (Johan Vromans) writes:
> >The System V print spooler runs as a SUID 'lp' command, which
> >means that the files I want to print must be readable by others ...
>
> I have encountered this question very often, and there is an easy
> solution to it. Instead of using "lp filename" (which indeed requires the
> indicated path to be accessible by the lp owner), you can use
> "lp < filename". If you can read the file, you can print it this way.

Many "project" directories on our systems contain files which are not
readable by "lp", so we have implemented some simple shell scripts in
/usr/local/bin which take filenames as arguments, feed them to pr(1), and
pipe them to lp(1). This makes the above rather simple; as a result, we
almost never invoke lp(1) per se.

> >Shouldn't the System V print spooler be considered as a serious security
> >hole?
>
> Don't think so. See the above solution.

Temporary files which are queued pending printing are contained in
/usr/spool/lp/request/printer_name/job_id with permissions of 440 and owner
of "lp" and group of "bin". This is reasonably secure, in case anyone was
wondering.

I personally find the Sys V lp spooler to be very useful and flexible, and
offer the following suggestions for greater versatility.
These are some non-obvious application possibilities (at least non-obvious
to a beginner from reading the documentation).

1. There is no reason why more than one printer name cannot be associated
with _one_ physical printer using _one_ physical I/O port. The usefulness
here is to invoke the _same_ printer in a different fashion merely by
specifying a different printer name as an lp(1) argument. For example, one
name will invoke a laser printer for landscape printing (132 cols wide),
while another name will invoke the laser printer for portrait printing (80
cols wide). The different setup commands for the laser printer are
contained in the individual /usr/spool/lp/interface/printer_name shell
scripts.

2. The lp spooler works fine with plotters and other display devices, and
will pass 8-bit data from specified files very nicely. Some customization
of the interface shell script is obviously required - but that is a
relatively simple task. Once in that interface shell script, you can invoke
custom programs before, during and after a printing (or plotting) job.

3. The lp spooler is an ideal way to manage terminals with printers
connected to their aux ports. Using lpadmin(1M), create a printer name
associated with a specific tty port. The interface shell script should
contain the escape sequences necessary to turn on the aux port, print the
job, and then restore the terminal. I find this to be much more convenient
than using the printing function keys on a terminal.

The above applications can all be implemented using the lpadmin(1M) lp
spooler administration command. Some "high level" printer administration
programs - AT&T UNIX PC, NCR Tower, etc. - will not permit the above
implementations, so you will have to use lpadmin(1M) by hand.

As a further example of lp spooler flexibility, we have - believe it or
not - used the lp spooler to control a speech synthesizer for warning
messages, and to control a storage and retrieval robot.
<> Larry Lippman @ Recognition Research Corp., Clarence, New York
<> UUCP: {allegra|ames|boulder|decvax|rutgers|watmath}!sunybcs!kitty!larry
<> VOICE: 716/688-1231 {hplabs|ihnp4|mtune|seismo|utzoo}!/
<> FAX: 716/741-9635 {G1,G2,G3 modes} "Have you hugged your cat today?"
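The /usr/local/bin wrapper described in the post, written out as an added example (not Larry's actual script): the user's own shell opens each file and streams it through pr(1) to lp(1) on standard input, so the spooler's "lp" owner never needs read permission on the file. The PR and LP variables are an assumption of this example, added only so the wrapper can be exercised without a spooler installed; they default to the real pr and lp.

```shell
#!/bin/sh
# Constructed wrapper in the spirit of the post's /usr/local/bin scripts.
# Usage: print_readable FILE...
#
# The spooler (SUID/owned by "lp") only ever sees a pipe on stdin, so the
# file itself can stay unreadable to "lp" and to other users. Files the
# invoking user cannot read are reported and skipped rather than passed to
# lp by name, which would fail inside the spooler with a less clear error.

# print_readable FILE...
#   Pipes each readable file through pr to lp.
#   Returns the number of arguments skipped because they were not readable.
print_readable() {
    skipped=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "print_readable: cannot read $f, skipping" >&2
            skipped=$((skipped + 1))
            continue
        fi
        # Hypothetical PR/LP overrides (assumption for testing); real
        # installs leave them unset and get pr(1) and lp(1).
        "${PR:-pr}" "$f" | "${LP:-lp}"
    done
    return "$skipped"
}

# When run as a script rather than sourced, print the arguments.
if [ "$#" -gt 0 ]; then
    print_readable "$@"
fi
```

Equivalent to `lp < filename` for a single file, but it also handles several files per invocation and tells the user which ones were skipped.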