Bug 17289 - [patch] wrong permissions on /var/run/printer
Summary: [patch] wrong permissions on /var/run/printer
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 3.1-RELEASE
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2000-03-09 19:50 UTC by stanislav shalunov
Modified: 2017-12-31 22:35 UTC (History)
0 users

See Also:


Attachments
file.diff (294 bytes, patch)
2000-03-09 19:50 UTC, stanislav shalunov
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description stanislav shalunov 2000-03-09 19:50:00 UTC
On startup, lpd(8) creates an AF_UNIX socket /var/run printer.
Before creating it, umask is set to 007.  This allows members
of the wheel group to submit data to lpd bypassing normal
accounting, etc.

Fix: In /usr/src/usr.sbin/lpr/lpd/
How-To-Repeat: 
shalunov@tuzik$ id
uid=1000(shalunov) gid=1000(shalunov) groups=1000(shalunov), 0(wheel)
shalunov@tuzik$ cd /var/run
shalunov@tuzik$ ls -l printer
srwxrwx---  1 root  wheel  0 Oct 25 10:53 printer
shalunov@tuzik$ perl -MSocket -e 'socket(SOCK, PF_UNIX, SOCK_STREAM, 0); connect(SOCK, sockaddr_un("printer")); print SOCK "foo\n"'
shalunov@tuzik$ tail -1 /var/log/messages
Mar  9 14:44:15 tuzik lpd[95097]: bad request (102) from tuzik.lz.att.com
Comment 1 Mike Heffner freebsd_committer 2001-06-16 08:20:45 UTC
Responsible Changed
From-To: freebsd-bugs->gad

Garance has been doing some work with lpr
Comment 2 Garance A Drosehn freebsd_committer 2002-04-03 04:34:41 UTC
Btw, I should mention that I'm finally getting around to doing something 
with this PR.  Or at least I will, if my regular job doesn't swamp me 
with extra work again.

I'm going to take a slightly different tactic than you recommended.  
What I'm going to do is change the group of /var/run/printer so that the 
group is set to daemon.  Eventually I would like to fix lpr/lpd so it 
does not have to run as root (or at least, it will use set-uid root 
permissions for very little of it's processing), and if I ever manage to 
do that then I'd probably keep the 'setgid daemon' on it.

---
Garance Alistair Drosehn     =      gad@gilead.acs.rpi.edu
Senior Systems Programmer           or     gad@FreeBSD.org
Rensselaer Polytechnic Institute;           Troy NY    USA
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:59:22 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped