Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!mcvax!ukc!its63b!bob
From: bob@its63b.ed.ac.uk (ERCF08 Bob Gray)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: SysV lp spooler a security hole
Message-ID: <640@its63b.ed.ac.uk>
Date: Fri, 18-Sep-87 10:41:32 EDT
Article-I.D.: its63b.640
Posted: Fri Sep 18 10:41:32 1987
Date-Received: Sun, 20-Sep-87 19:55:13 EDT
References: <313@pvab.UUCP> <1284@mhres.mh.nl> <1986@kitty.UUCP> <147@stb.UUCP> <484@riddle.UUCP>
Reply-To: bob@its63b.ed.ac.uk (ERCF08 Bob Gray)
Organization: I.T. School, Univ. of Edinburgh, U.K.
Lines: 23
Xref: mnetor comp.unix.questions:4179 comp.bugs.sys5:240

In article <484@riddle.UUCP> domo@riddle.UUCP (Dominic Dunlop) writes:
>Consequently, unless all programs in the suite are setuid lp, they can't
>share the files correctly. I suppose you could fix this up if you had a
>source licence -- indeed, my reason for trying on three different systems
>was in the optimistic and vain hope that somebody had.
>

This problem has been fixed by GEC on our system 63s.
The lp command switches back and forward between the real
user id and the effective user id of lp. File ownerships
are adjusted as needed, and care is taken that the real user id
is used when checking the access permissions.

The "fix" is not trivial and takes many tens of lines of code.

Also, Re: batch processing.
See the man page batch(1), a standard utility on system V.2
(actually a shell script calling "at -b").

	Bob.
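
The identity switching described in the post above, sketched as an added example; this is not GEC's code or anything from the original thread. It assumes a setuid-to-non-root binary on a system with POSIX seteuid()/setegid() and saved set-user-ID semantics, and the helper name open_as_real_user is hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: open `path` (no O_CREAT) with the permissions of the
 * invoking user, then switch back to the effective ids the program started
 * with (e.g. "lp" in a setuid-lp binary). Returns an fd, or -1 with errno. */
int open_as_real_user(const char *path, int flags)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, saved_errno;

    /* Group first, then user, so the group change is made while privileged. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        saved_errno = errno;
        setegid(saved_egid);
        errno = saved_errno;
        return -1;
    }

    /* The kernel checks access against the real user as part of open()
     * itself, so the check cannot drift apart from the file actually opened. */
    fd = open(path, flags);
    saved_errno = errno;

    /* Regain the spooler identity; the saved set-user-ID permits this. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_as_real_user(argc > 1 ? argv[1] : "/dev/null", O_RDONLY);
    printf("euid=%ld fd=%d\n", (long)geteuid(), fd);
    return fd < 0;
}
```

Run without the setuid bit, the real and effective ids are equal and the switches are no-ops, so the helper behaves like a plain open().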