Bug 43341 - lpd fails to drop groups of root
Summary: lpd fails to drop groups of root
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: LPRng (Show other bugs)
(Show other bugs)
Version: 7.0
Hardware: i386 Linux
Target Milestone: ---
Assignee: Crutcher Dunnavant
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2001-06-03 11:18 UTC by Need Real Name
Modified: 2007-04-18 16:33 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-06-20 14:47:08 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2001:077 normal SHIPPED_LIVE : LPRng fails to drop supplemental group membership 2001-06-07 04:00:00 UTC

Description Need Real Name 2001-06-03 11:18:52 UTC
lpd fails to drop groups of root when becoming a daemon.
If tetex-1.0.7-7 is installed, it is possible to exploit this
to gain (for example) gid disk, which allows pretty much anything
you want. 

# ps -ax|grep lpd|grep -v grep
20697 ?        SW     0:00 [lpd]
[root@clarity /]# cat /proc/20697/status 
Name:   lpd
State:  S (sleeping)
Pid:    20697[root@clarity /]
PPid:   1
Uid:    0       4       0       4
Gid:    7       7       7       7
Groups: 0 1 2 3 4 6 10 40 

(gid 40 is used on my system for the net connection program)
I would expect to see the groups that user lp is a member of.
[root@clarity /]# id lp
uid=4(lp) gid=7(lp) groups=7(lp)


Comment 1 Need Real Name 2001-06-03 11:43:13 UTC
tetex info:

oops, nearly forgot
[root@clarity /]# rpm -qf /usr/sbin/lpd

Comment 2 Pekka Savola 2001-06-20 14:47:02 UTC
This is fixed in errata, now.

Comment 3 Need Real Name 2001-07-04 17:24:05 UTC
Looks like someone forgot to mark this as RESOLVED ERRATA

(Its definately not NEW)
Kinda makes the bugzilla database pretty useless if its not used properly.

Also makes it look like you aren't solving the problems.
Might want to spend a few minutes checking what else is actually resolved.

Note You need to log in before you can comment on or make changes to this bug.