Date:         Mon, 10 Jul 2000 09:17:09 -0700
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@UUMAIL.GOV.BC.CA>
Subject:      Re: LPRng lpd should not be SETUID root
To: BUGTRAQ@SECURITYFOCUS.COM

In message <200007092318.QAA21788@h4.private>, Patrick Powell writes:
> Well,  even in spite of all of my efforts, care, and paranoia, I
> finally dropped the hammer on my foot.  Luckily it appears that I
> spotted this loophole before somebody on the LPRng mailing list did.

Of course, anyone who wishes to use LPRng in a mode where it is 100%
compatible with lpr/lpd would need to give up this feature in order to
plug this hole.  I would think that the bug itself needs to be fixed
too.

> COMMENTARY:
>
> I would really like to see capability based permissions in UNIX
> and other systems.  All that 'lpd' needs is the ability to open
> and bind to a 'reserved' port, i.e. 515 for listening, and open
> and bind to a port in the 'reserved' range for outgoing connections.

If print services would actually listen to port 1515 (example) then the
following IP Filter NAT rule could be used to redirect packets to that
port thereby allowing print services to not run as root.  Sort of a
poor man's approach to capabilities until they're implemented on all
operating systems.

rdr xl0 0/0 port 515 -> 127.0.0.1 port 1515 tcp


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC
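
The listening side of the redirect described in the message above, as an added example that is not part of the original post and is not LPRng code. The function names listen_loopback and peer_port_is_reserved are hypothetical, and port 1515 is the message's own example value; the outgoing reserved-range port that the quoted text mentions is not covered here.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define ALT_PORT 1515 /* example port taken from the message */

/* Listen on 127.0.0.1:port only, so the service is reachable from the
 * network solely through the rdr rule. Reserved ports are refused,
 * because needing one would mean needing root again. */
int listen_loopback(unsigned short port)
{
    struct sockaddr_in sa;
    int fd, on = 1;

    if (port < IPPORT_RESERVED)
        return -1;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* rdr rewrites only the destination, so the peer address returned by
 * accept() is still the client's own. The traditional lpd check that the
 * client connected from a reserved source port therefore keeps working. */
int peer_port_is_reserved(const struct sockaddr_in *peer)
{
    return ntohs(peer->sin_port) < IPPORT_RESERVED;
}

int main(void)
{
    int fd = listen_loopback(ALT_PORT);
    if (fd < 0) { fprintf(stderr, "cannot listen on %d\n", ALT_PORT); return 1; }
    printf("uid %d listening on 127.0.0.1:%d\n", (int)getuid(), ALT_PORT);
    close(fd);
    return 0;
}
```

Because 1515 is not a reserved port, any local account can bind it; the daemon should be started before untrusted users can log in and should treat a failed bind as fatal rather than retrying on another port.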