[4415] in bugtraq
Re: Solaris lpNet & temp files (exploit)
daemon@ATHENA.MIT.EDU (Casper Dik)
Wed May 7 15:09:02 1997
Date: Wed, 7 May 1997 11:59:57 +0200
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Sat, 03 May 1997 07:03:56 PDT."
<199705031403.HAA07600@viewgraphics.com>
>Q&D workaround:
> add "umask 022" to /etc/init.d/lp; restart /etc/init.d/lp
> su - root; touch /usr/spool/lp/.rhosts
> su - root; chown root /usr/spool/lp; chmod 755 /usr/spool/lp
>
The argumetns to the specific lp* filters are defined in
/etc/lp/fd/*.fd.
In this case we have:
/etc/lp/fd/postio.fd:Options: PRINTER * = -L/var/tmp/*.log
/etc/lp/fd/postior.fd:Options: PRINTER * = -L/var/tmp/*.log
The "*" is replaced by the printername; the "right way to modify
this file is with "lpfilter":
The following should fix the bug (but I haven't tested it yet)
echo 'Options: PRINTER * = -L/var/lp/*.log' | lpfilter -f postio -
echo 'Options: PRINTER * = -L/var/lp/*.log' | lpfilter -f postior -
Casper
