Re: bin/36540: a mass of fixes for lpr

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,"Greg A. Woods" <woods%planix.com@localhost>
Subject: Re: bin/36540: a mass of fixes for lpr
From: David Holland <dholland-bugs%netbsd.org@localhost>
Date: Sat, 9 Feb 2008 06:05:03 +0000 (UTC)

The following reply was made to PR bin/36540; it has been noted by GNATS.

From: David Holland <dholland-bugs%netbsd.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/36540: a mass of fixes for lpr
Date: Sat, 9 Feb 2008 06:04:50 +0000

 Unfortunately, you cannot just remove all the seteuid() calls that
 bracket privileged operations: if you continue to run the programs
 privileged, they will be insecure, and if you don't, they won't work.

 You've replaced only one such block (out of many) with alternate code,
 and that alternate code assumes that the process be running with
 privilege. (Which means you've made it insecure rather than making it
 not work.)

 Real privilege separation code for lpr/lpd would probably be a good
 thing. This isn't it though and I'm afraid it's not even really a step
 in the right direction.

 -- 
 David A. Holland
 dholland%netbsd.org@localhost

Prev by Date: Re: bin/36551 (some major improvements for init(8), with accompanying changes to reboot(8) and shutdown(8))
Next by Date: Re: bin/36540 (a mass of fixes for lpr)
Previous by Thread: Re: bin/36551 (some major improvements for init(8), with accompanying changes to reboot(8) and shutdown(8))
Next by Thread: Re: bin/36540 (a mass of fixes for lpr)
Indexes:

Home | Main Index | Thread Index | Old Index