Re: Solaris lpNet & temp files (exploit)

Casper Dik (casper@HOLLAND.SUN.COM)
Wed, 07 May 1997 11:59:57 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Kari E. Hurtta: "Re: SGI Security Advisory 19970501-01-A - Vulnerability in webdist.cgi"
Previous message: CERT Advisory: "CERT Advisory CA-97.13 - Vulnerability in xlock"
Maybe in reply to: Chris Sheldon: "Solaris lpNet & temp files (exploit)"

>Q&D workaround:
> add "umask 022" to /etc/init.d/lp; restart /etc/init.d/lp
> su - root; touch /usr/spool/lp/.rhosts
> su - root; chown root /usr/spool/lp; chmod 755 /usr/spool/lp
>

The argumetns to the specific lp* filters are defined in
/etc/lp/fd/*.fd.

In this case we have:

/etc/lp/fd/postio.fd:Options: PRINTER * = -L/var/tmp/*.log
/etc/lp/fd/postior.fd:Options: PRINTER * = -L/var/tmp/*.log

The "*" is replaced by the printername; the "right way to modify
this file is with "lpfilter":

The following should fix the bug (but I haven't tested it yet)

echo 'Options: PRINTER * = -L/var/lp/*.log' | lpfilter -f postio -
echo 'Options: PRINTER * = -L/var/lp/*.log' | lpfilter -f postior -

Casper

Next message: Kari E. Hurtta: "Re: SGI Security Advisory 19970501-01-A - Vulnerability in webdist.cgi"
Previous message: CERT Advisory: "CERT Advisory CA-97.13 - Vulnerability in xlock"
Maybe in reply to: Chris Sheldon: "Solaris lpNet & temp files (exploit)"