On Wed, 3 Feb 1999, Denis Bucher wrote:

> Under an installation of SuSE 5.1, I found lpc 4.0.3 !
> Therefore I think 5.1 is not safe !

SuSE5.0 goes like this:

  pimmelchen /usr/sbin# ls -al lpc
  -r-xr-sr-x 1 root lp 20468 Nov 25 1996 lpc
  pimmelchen /usr/sbin# rpm -q -f lpc
  lprold-3.0-1

It's quite interesting that I cannot determine the specific version number of lpc itself. Am I on chronical drugs or did they forget to mention it?

The latest online version of SuSE6.0 (.S.u.S.E-disk-001.1999012511 at ftp.suse.com) tells us:

  lprold-3.0.1-37.src.rpm

..which contains a 1997 version of the lpr package and a SuSE patch from December 1998. There is a file called README.SECURITY in it saying:

  This version of the line printer suite has been taken from the OpenBSD project. This version fixes numerous vulnerabilities which are present in other releases of these packages. Including those announced in SNI-19.BSD.lpd.advisory, and numerous buffer overflow problems, present in both the client programs and the lp daemon.

The lpc client itself is the following version:

  /* $OpenBSD: lpc.c,v 1.5 1997/01/17 16:12:37 millert Exp $ */

The SuSE patch changes the following in the lpc subdirectory:

--- lpc/cmds.c +++ lpc/cmds.c Tue Dec 1 21:49:38 1998 @@ -181,7 +181,7 @@ printf("\tcannot open lock file\n"); goto out; } - if (!getline(fp) || flock(fileno(fp), LOCK_SH|LOCK_NB) == 0) { + if (!lpr_getline(fp) || flock(fileno(fp), LOCK_SH|LOCK_NB) == 0) { (void) fclose(fp); /* unlocks as well */ printf("\tno daemon to abort\n"); goto out; @@ -1101,7 +1101,7 @@ seteuid(uid); if (fp == NULL) continue; - while (getline(fp) > 0) + while (lpr_getline(fp) > 0) if (line[0] == 'P') break; (void) fclose(fp); --- lpd/lpd.c +++ lpd/lpd.c Wed Dec 2 19:44:13 1998 @@ -197,7 +197,7 @@ } #define mask(s) (1 << ((s) - 1)) omask = sigblock(mask(SIGHUP)|mask(SIGINT)|mask(SIGQUIT)|mask(SIGTERM)); - (void) umask(07); + (void) umask(S_IRWXO); signal(SIGHUP, mcleanup); signal(SIGINT, mcleanup); signal(SIGQUIT, mcleanup); 
@@ -316,6 +316,7 @@ if (lflag) syslog(LOG_INFO, "exiting"); unlink(_PATH_SOCKETNAME); + unlink(_PATH_MASTERLOCK); exit(0); } @@ -481,6 +482,7 @@ } else free(buf); } + cgetclose(); } /* @@ -553,7 +555,7 @@ again: if (hostf) { #if __GNU_LIBRARY__ - 0 >= 6 - if (!__ivaliduser(hostf, f->sin_addr.s_addr, DUMMY, DUMMY)) { + if (__ivaliduser(hostf, f->sin_addr.s_addr, DUMMY, DUMMY)) { (void) fclose(hostf); return; }

I hope this information is interesting for someone. I am not in the mood to check into it, since I never used the lpd package for known reasons :) And by the way, real life is calling (girls, hehe).

Regards
Chotaire
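
Review bot: the definition and prototype of lpr_getline() are missing from what is shown for lpc/cmds.c; the hunks at @@ -181 and @@ -1101 only change the call sites from getline(fp) to lpr_getline(fp). The renamed function and its header declaration should travel in the same patch, and the patch description should say why the rename is needed, since nothing in these lines explains it.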
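
Review bot: in lpd/lpd.c at @@ -197, umask(S_IRWXO) sets the same mask as the umask(07) it replaces (S_IRWXO is the "other" rwx bits, 0007), so this is a readability change only and should not be read as tightening spool permissions. Please confirm sys/stat.h is included in lpd.c for the constant, and if a different mask was intended, change the value and say so in the description.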
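
Review bot: in lpd/lpd.c at @@ -316, the new unlink(_PATH_MASTERLOCK) runs unconditionally on this exit path, with no visible check that the exiting process is the one that holds the master lock. If this path can be reached by any process other than the lock holder, it removes the running daemon's lock file and a second daemon could then start beside it. Suggest guarding the unlink so that only the lock owner performs it, and documenting which processes reach this code.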
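
Review bot: in lpd/lpd.c at @@ -553, dropping the "!" inverts the sense of the host access check in the "__GNU_LIBRARY__ - 0 >= 6" branch: the early "return" that accepts the peer is now taken on a non-zero result from __ivaliduser() instead of on zero. This is the line that decides which remote hosts may talk to lpd, so the patch needs a comment stating the return convention of __ivaliduser() it relies on for that library version, and a test with one listed and one unlisted host; if the convention is not what the patch assumes, the check admits exactly the hosts that are not listed.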