Red Hat Bugzilla – Bug 53784
Possible security problem with LPRng 3.7.5 and 3.7.6
Last modified: 2007-04-18 12:37:13 EDT
I don't think that RH ever released 3.7.5 or 3.7.6 (rather, patched 3.7.4), but as there might have
been some patches to the code, better safe than sorry...
Date: Tue, 18 Sep 2001 07:06:41 -0700 (PDT)
From: User Papowell <email@example.com>
Subject: LPRng: LPRng 3.7.7 + Security Bulletin
Please do not use LPRng 3.7.5, 3.7.6. There is a possible
security problem with them.
In fixing a problem with 'additional groups' I wrote a routine
that got the group for use when running as a server and then set
the group and additional groups. This 'setgroup' should be done
ONLY for 'lpd'. The code that is in 3.7.5 and 3.7.6 does it for
lpq and lpr as well.
There is a possibility that by using this users could access files
for which the lpd user ('daemon' by default and 'lp' by on most
RedHat RPM installations) could read files which had group ownership
'daemon' (or lp).
Patrick ("Doh! I knew that! Dumb! Dumb!") Powell
Indeed, we have only shipped 3.7.4+patches, and not 3.7.5 or later. Thanks
for letting us know about this though.