[284] in linux-security and linux-alert archive
Re: [Linux-ISP] Slackware questions (fwd)
daemon@ATHENA.MIT.EDU (Aleph One)
Tue Jul 11 18:47:43 1995
Date: Mon, 10 Jul 1995 13:00:16 -0500 (CDT)
From: Aleph One <aleph1@dfw.net>
To: linux-security@tarsier.cv.nrao.edu
Aleph One / aleph1@dfw.net
http://underground.org/
---------- Forwarded message ----------
Date: Sat, 8 Jul 1995 06:54:00 -0400 (EDT)
From: Zygo Blaxell <zblaxell@miranda.uwaterloo.ca>
To: reddirt@ksu.ksu.edu
Cc: linuxisp@lightning.com
Subject: Re: [Linux-ISP] Slackware questions
Quoted from James Cook:
> What sort of security holes need to be plugged in the March '95
> InfoMagic release of Slackware? I seem to recall seeing a message
> about the finger and ftp programs needing upgrading. Anything else?
'lpr -r -s' can be used to print or remove any file. I sent the bug
report to Slackware's bug address. Dunno if anything has been done
since then (strangely enough, I never seem to need to configure
printers, so I just 'rm -f /usr/bin/lpr /usr/sbin/lpd'.
The problem is simple: lp[dr] remove/open the files they are printing
as root, instead of the ID of whoever requested the job. D'oh.
--
Zygo Blaxell, acting sysadmin and current software/hardware guru for the
University of Waterloo Computer Science Club; current sysadmin for miranda.
uwaterloo.ca and ezmail.com. 10th place team, ACM Intl Finals Programming
Contest 1994. Will administer Unix (esp. Linux, maybe Solaris) for food.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To [un]subscribe to this list, contact linuxisp-request@lightning.com
Please send contributions for the mailing list to: linuxisp@lightning.com
Please contact the mailing-list-owner as: linuxisp-owner@lightning.com
