From shalunov@tuzik.lz.att.com  Thu Mar  9 11:46:53 2000
Return-Path: <shalunov@tuzik.lz.att.com>
Received: from kcmso1.proxy.att.com (kcmso1.att.com [192.128.133.69])
	by hub.freebsd.org (Postfix) with ESMTP id B00D637B6F6
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  9 Mar 2000 11:46:51 -0800 (PST)
	(envelope-from shalunov@tuzik.lz.att.com)
Received: from tuzik.lz.att.com ([135.25.200.84])
	by kcmso1.proxy.att.com (AT&T IPNS/MSO-2.2) with ESMTP id OAA01313
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 9 Mar 2000 14:46:49 -0500 (EST)
Received: (from shalunov@localhost)
	by tuzik.lz.att.com (8.9.2/8.9.2) id OAA95145;
	Thu, 9 Mar 2000 14:46:39 -0500 (EST)
	(envelope-from shalunov)
Message-Id: <200003091946.OAA95145@tuzik.lz.att.com>
Date: Thu, 9 Mar 2000 14:46:39 -0500 (EST)
From: stanislav shalunov <shalunov@att.com>
Sender: shalunov@tuzik.lz.att.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] wrong permissions on /var/run/printer
X-Send-Pr-Version: 3.2

>Number:         17289
>Category:       bin
>Synopsis:       [patch] wrong permissions on /var/run/printer
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    gad
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar  9 11:50:00 PST 2000
>Closed-Date:    
>Last-Modified:  Mon Dec 29 17:34:24 UTC 2008
>Originator:     stanislav shalunov
>Release:        FreeBSD 3.1-RELEASE i386
>Organization:
>Environment:
>Description:

On startup, lpd(8) creates an AF_UNIX socket /var/run/printer.
Before creating it, umask is set to 007.  This allows members
of the wheel group to submit data to lpd bypassing normal
accounting, etc.

>How-To-Repeat:

shalunov@tuzik$ id
uid=1000(shalunov) gid=1000(shalunov) groups=1000(shalunov), 0(wheel)
shalunov@tuzik$ cd /var/run
shalunov@tuzik$ ls -l printer
srwxrwx---  1 root  wheel  0 Oct 25 10:53 printer
shalunov@tuzik$ perl -MSocket -e 'socket(SOCK, PF_UNIX, SOCK_STREAM, 0); connect(SOCK, sockaddr_un("printer")); print SOCK "foo\n"'
shalunov@tuzik$ tail -1 /var/log/messages
Mar  9 14:44:15 tuzik lpd[95097]: bad request (102) from tuzik.lz.att.com

>Fix:

In /usr/src/usr.sbin/lpr/lpd/

--- lpd.c.orig	Thu Mar  9 14:34:20 2000
+++ lpd.c	Thu Mar  9 14:34:34 2000
@@ -258,7 +258,7 @@
 	sigaddset(&nmask, SIGTERM);
 	sigprocmask(SIG_BLOCK, &nmask, &omask);
 
-	(void) umask(07);
+	(void) umask(077);
 	signal(SIGHUP, mcleanup);
 	signal(SIGINT, mcleanup);
 	signal(SIGQUIT, mcleanup);
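Review bot: the umask(077) on the changed line is not restored anywhere in this hunk, and umask is process-wide, so the tighter mask would apply to every file lpd creates after this point and not only to /var/run/printer. Consider saving the previous mask, setting 077 only around the bind() that creates the socket, and restoring it afterwards; if 077 is meant for all later files, say so in a comment. A comment that the resulting socket mode limits connections to the socket's owner would also help the next reader.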

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->gad 
Responsible-Changed-By: mikeh 
Responsible-Changed-When: Sat Jun 16 00:20:45 PDT 2001 
Responsible-Changed-Why:  
Garance has been doing some work with lpr 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=17289 

From: Garance A Drosehn <gad@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, shalunov@att.com
Cc:  
Subject: Re: bin/17289: [PATCH] wrong permissions on /var/run/printer
Date: Tue, 2 Apr 2002 22:34:41 -0500

 Btw, I should mention that I'm finally getting around to doing something 
 with this PR.  Or at least I will, if my regular job doesn't swamp me 
 with extra work again.
 
 I'm going to take a slightly different tactic than you recommended.  
 What I'm going to do is change the group of /var/run/printer so that the 
 group is set to daemon.  Eventually I would like to fix lpr/lpd so it 
 does not have to run as root (or at least, it will use set-uid root 
 permissions for very little of its processing), and if I ever manage to 
 do that then I'd probably keep the 'setgid daemon' on it.
 
 ---
 Garance Alistair Drosehn     =      gad@gilead.acs.rpi.edu
 Senior Systems Programmer           or     gad@FreeBSD.org
 Rensselaer Polytechnic Institute;           Troy NY    USA
 
>Unformatted:
    [so, let's see if I can figure out how to add comments to a]
    [PR via edit-pr instead of replying thru email to GNATS...]
At first glance, I suspect the user is correct wrt the permissions on
/var/run/printer.  I doubt it's much of an exposure, but it probably
should be changed to be more strictly correct.  On the other hand, I
want to investigate this a little, as I suspect the proposed fix will
have some undesirable side effects for OTHER things that lpd might be
creating.  I will look into this further.

    [...and the answer is, "that didn't quite work the way I wanted"]
    All the above 'unformatted' comments are from   gad/Jun 16/2001
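
The umask behaviour discussed in this PR, as an added example that is not lpd's code and not part of the PR: the mask is narrowed only across bind() and then restored, so the socket's mode is tightened without changing the mode of files created later. The function names and the temporary directory are hypothetical, and the socket is created under /tmp rather than /var/run.

```c
#define _DEFAULT_SOURCE  /* glibc: expose mkdtemp() under strict -std= */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind an AF_UNIX socket at path with `mask` in force only across bind(). */
static int bind_unix_scoped(const char *path, mode_t mask)
{
    struct sockaddr_un sa;
    int fd, rc;
    mode_t old;

    if (strlen(path) >= sizeof(sa.sun_path)) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) return -1;
    old = umask(mask);          /* narrow the mask for the socket only */
    rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    (void) umask(old);          /* later files keep the daemon's usual mask */
    if (rc < 0) { close(fd); return -1; }
    return fd;
}

/* Constructed check: create "printer" in a fresh temp dir, return its mode bits. */
int socket_mode_under(mode_t mask)
{
    char dir[] = "/tmp/lpdsock.XXXXXX", path[64];
    struct stat st;
    int fd, mode = -1;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof(path), "%s/printer", dir);
    if ((fd = bind_unix_scoped(path, mask)) >= 0) {
        if (stat(path, &st) == 0) mode = (int)(st.st_mode & 0777);
        close(fd);
    }
    unlink(path);
    rmdir(dir);
    return mode;
}

/* Read the umask currently in force without leaving it changed. */
mode_t current_umask(void) { mode_t m = umask(0); (void) umask(m); return m; }

int main(void) { printf("007 -> %o, 077 -> %o\n", (unsigned)socket_mode_under(007), (unsigned)socket_mode_under(077)); return 0; }
```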

