Excuse me if this has already been posted, or its just a stupid thing that poses no threat whatsoever to system security. It seems the RedHat print filter contains the following lines: if [ ${i##*:} = "DONE" ]; then if [ "$DEBUG_FILTER" != "" ]; then echo "$root -> depth = $depth" >> /tmp/filter.debug fi Well, this is most certianly not good because of obvious symlink reasons. This could be a major hole if the filter is called by lpr, which happens to be suid. egor:~$ ls -l $(which lpr) -r-sr-sr-x 1 root lp 15164 May 5 18:24 /usr/bin/lpr* I'm just a clueless newbie who thinks he found a hole of sorts, so if this is nothing big, or it does not run suid or whatnot, please dont flame me too much. -- base16 http://egor.dyn.ml.org/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:16:12 PDT