On startup, lpd(8) creates an AF_UNIX socket /var/run/printer.
Before creating it, umask is set to 007. This allows members
of the wheel group to submit data to lpd bypassing normal
Fix: In /usr/src/usr.sbin/lpr/lpd/
uid=1000(shalunov) gid=1000(shalunov) groups=1000(shalunov), 0(wheel)
shalunov@tuzik$ cd /var/run
shalunov@tuzik$ ls -l printer
srwxrwx--- 1 root wheel 0 Oct 25 10:53 printer
shalunov@tuzik$ perl -MSocket -e 'socket(SOCK, PF_UNIX, SOCK_STREAM, 0); connect(SOCK, sockaddr_un("printer")); print SOCK "foo\n"'
shalunov@tuzik$ tail -1 /var/log/messages
Mar 9 14:44:15 tuzik lpd: bad request (102) from tuzik.lz.att.com
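An added example, not part of the PR or of the lpd source: it shows how the umask in effect at bind(2) time sets the permission bits of an AF_UNIX socket file, so that 007 gives the srwxrwx--- mode in the listing above and 077 leaves group access off. The helper name bound_socket_mode and the scratch path under /tmp are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>

/* Hypothetical helper: bind an AF_UNIX socket at `path` while `mask` is the
 * process umask and return the permission bits of the created socket file,
 * or -1 on error. The socket file is removed again before returning. */
int bound_socket_mode(const char *path, mode_t mask)
{
    struct sockaddr_un sa;
    struct stat st;
    mode_t old;
    int fd, mode = -1;

    if (strlen(path) >= sizeof(sa.sun_path))
        return -1;                        /* path would be truncated */
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    unlink(path);                         /* clear a stale scratch socket */
    old = umask(mask);                    /* umask set just before bind() */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        stat(path, &st) == 0)
        mode = (int)(st.st_mode & 0777);  /* keep only rwx bits */
    umask(old);                           /* restore the caller's umask */
    close(fd);
    unlink(path);
    return mode;
}

int main(void)
{
    const char *p = "/tmp/umask-demo-printer.sock"; /* constructed path */

    printf("umask 007 -> %04o\n", (unsigned)bound_socket_mode(p, 007));
    printf("umask 077 -> %04o\n", (unsigned)bound_socket_mode(p, 077));
    return 0;
}
```

Any bits the umask leaves clear for the group are granted to whichever group owns the socket file, which is wheel in the listing above.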
Garance has been doing some work with lpr
Btw, I should mention that I'm finally getting around to doing something
with this PR. Or at least I will, if my regular job doesn't swamp me
with extra work again.
I'm going to take a slightly different tactic than you recommended.
What I'm going to do is change the group of /var/run/printer so that the
group is set to daemon. Eventually I would like to fix lpr/lpd so it
does not have to run as root (or at least, it will use set-uid root
permissions for very little of its processing), and if I ever manage to
do that then I'd probably keep the 'setgid daemon' on it.
Garance Alistair Drosehn = firstname.lastname@example.org
Senior Systems Programmer or gad@FreeBSD.org
Rensselaer Polytechnic Institute; Troy NY USA
For bugs matching the following criteria:
Status: In Progress Changed: (is less than) 2014-06-01
Reset to default assignee and clear in-progress tags.
Mail being skipped