Patch advisory for Sun Microsystems. Please read for details.
SUN MICROSYSTEMS SECURITY BULLETIN: #00108
This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.
Sun expressly disclaims all liability for any misuse of this information
by any third party.
---------------------------------------------------------------------------
All patches listed are available through your local Sun answer centers
worldwide as well as through anonymous ftp to ftp.uu.net.
In the US on ~ftp/sun-dist directory and in Europe on mcsun.eu.net
on ~ftp/sun/fixes directory.
Please refer to the BugID and PatchID when requesting patches from Sun
answer centers.
--------------------------------------------------------------------------
Sun Bug ID : 1057834 1058003 1016437 1040453
Synopsis : The current SunOS/BSD line printer spooler has a flaw which
allows system files to be deleted by the lp daemon.
Sun Patch ID: 100305-01
Checksum of compressed tarfile 100305-01.tar.Z = 31440 239
--------------------------------------------------------------------------
Detailed Information:
Patch-ID# 100305-01
Keywords: security passwd lpd delete system
Synopsis: SunOS 4.1.1;4.1: lpd can be used to delete any file on the system
Date: 30/May/91
SunOS release: 4.1.1, 4.1
Unbundled Product:
Unbundled Release:
Topic: lpd
BugId's fixed with this patch: 1057834 1058003 1016437 1040453
Architectures for which this patch is available: sun3, sun3x, sun4, sun4c
Patches which may conflict with this patch:
Obsoleted by: SunOS 5.0
Problem Description: The current BSD line printer spooler has a flaw
which allows system files to be deleted by the lp daemon.
INSTALL:

as root:

first do a "ps ax | grep lpd" and kill off the currently running lpd process.
the return from ps should be something like:

      134 ?  IW   0:00 /usr/lib/lpd
    26753 p5 S    0:00 grep lpd

    # kill -9 {process id of lpd. in the above example this is 134}

then save aside the FCS version of lpd, and change the mode so that it cannot be
misused.

    # mv /usr/lib/lpd /usr/lib/lpd.FCS
    # chmod 100 /usr/lib/lpd.FCS

copy in the new version and restart lpd.

    # cp sun{3,3x,4,4c}/{4.1,4.1.1}/lpd /usr/lib/lpd
    # chmod 6755 /usr/lib/lpd
    # chown root /usr/lib/lpd
    # chgrp daemon /usr/lib/lpd
    # rm -f /dev/printer /var/spool/lpd.lock

restart the lpd daemon

    # /usr/lib/lpd
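
A post-install check for the steps above, as an added example that is not part of the Sun bulletin: it confirms that /usr/lib/lpd ended up mode 6755 root:daemon and that lpd.FCS is mode 100. This is worth verifying because some Unix systems clear set-ID bits when chown or chgrp runs after chmod. The function names are this example's own, and it assumes a shell with ls, awk and find.

```sh
#!/bin/sh
# Added example, not part of the Sun bulletin. Function names are this example's own.

# mode_octal PATH: print the 4-digit octal mode decoded from `ls -ld` output.
mode_octal() {
    ls -ld "$1" 2>/dev/null | awk '{
        p = substr($1, 2, 9); special = 0; digits = ""; bit = 4
        for (i = 0; i < 3; i++) {
            x = substr(p, i * 3 + 3, 1); d = 0
            if (substr(p, i * 3 + 1, 1) == "r") d += 4
            if (substr(p, i * 3 + 2, 1) == "w") d += 2
            if (x == "x" || x == "s" || x == "t") d += 1
            # s/S marks setuid or setgid, t/T sticky; upper case = no execute bit
            if (x ~ /[sStT]/) special += bit
            bit = bit / 2
            digits = digits d
        }
        print special digits
    }'
}

# check_file PATH MODE [OWNER GROUP]: return 0 only if mode (and ownership) match.
check_file() {
    got=$(mode_octal "$1")
    if [ "$got" != "$2" ]; then
        echo "FAIL $1: mode ${got:-unreadable}, expected $2"; return 1
    fi
    if [ -n "${3:-}" ] && [ -z "$(find "$1" -user "$3" -group "$4" -print 2>/dev/null)" ]; then
        echo "FAIL $1: not owned by $3:$4"; return 1
    fi
    echo "ok   $1"
}

# verify_lpd_install: the modes and ownership the INSTALL steps set.
verify_lpd_install() {
    rc=0
    check_file /usr/lib/lpd 6755 root daemon || rc=1
    check_file /usr/lib/lpd.FCS 0100 || rc=1
    return $rc
}
```

Call `verify_lpd_install` as root once the new lpd is running; a FAIL line names the file and the attribute that does not match.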