Patch-ID# 101434-03
Keywords: security passwd lpd lpr delete system lpstat -v lpstat -t
Synopsis: SunOS 4.1.3_U1: lpr Jumbo Patch
Date: Apr/11/94

Solaris Release: 1.1.1A

SunOS release: 4.1.3_U1A

Unbundled Product:

Unbundled Release:

Xref: Patch 100305 is the 4.1.3 version of this patch

Topic: lpd lpr lpc lpstat lprm lpq pac cancel

BugId's fixed with this patch: 1057834 1048004 1099009 1050628 1112342 1133067 1154391

Changes incorporated in this version: 1154391

Relevant Architecture: sparc
NOTE: sun4(all)

Patches which may conflict with this patch:

Obsoleted by:
NOTE:5.0

Problem Description:

1154391 lpstat -t returns segmentation fault under 4.1.3_U1

(from 101434-02)
1057834 lpd can be used to delete any file on the system

(from 101434-01)
1048004 lpr checks on the real user rather than the effective user
1099009 'lp -t' doesn't work; causes print job to fail.
1050628 Header banner 'A' is printed as 'a'.
1112342 lpc complains for > 32 tc= entries total in printcap, recursive or not
1133067 'lpr -s -t' can be used to remove any file in directory / (root).

INSTALL:

As root:

first do a "ps ax |grep lpd" and kill off the currently running lpd process.
the output from ps should be something like:

    134 ?  IW    0:00 /usr/lib/lpd
  26753 p5 S     0:00 grep lpd

# kill -9 {process id of lpd. in the above example this is 134}

Then save aside the previous versions and change the modes so that they
cannot be misused (Note, if the system has an earlier version of this patch
installed will be 101434-01, otherwise, will be FCS):

mv /usr/lib/lpd /usr/lib/lpd.
mv /usr/ucb/lpr /usr/ucb/lpr.
mv /usr/ucb/lprm /usr/ucb/lprm.
mv /usr/ucb/lpq /usr/ucb/lpq.
mv /usr/etc/lpc /usr/etc/lpc.
mv /usr/etc/pac /usr/etc/pac.
mv /usr/bin/lpstat /usr/bin/lpstat.
mv /usr/bin/cancel /usr/bin/cancel.
chmod 0400 /usr/lib/lpd. /usr/ucb/lpr. /usr/ucb/lprm. /usr/ucb/lpq. /usr/etc/lpc. /usr/etc/pac. /usr/bin/lpstat. /usr/bin/cancel.

Copy in the new versions, delete /dev/printer and create a directory
mode 750 owned by root, with group daemon, called /dev/lpd; then create a
symbolic link called /dev/printer that points to /dev/lpd/printer and
restart lpd.

rm -f /dev/printer
mkdir /dev/lpd
chown root.daemon /dev/lpd
chmod 750 /dev/lpd
ln -s /dev/lpd/printer /dev/printer

cp sun4/4.1.3_U1/lpd /usr/lib/lpd
cp sun4/4.1.3_U1/lpr /usr/ucb/lpr
cp sun4/4.1.3_U1/lprm /usr/ucb/lprm
cp sun4/4.1.3_U1/lpq /usr/ucb/lpq
cp sun4/4.1.3_U1/lpc /usr/etc/lpc
cp sun4/4.1.3_U1/pac /usr/etc/pac
cp sun4/4.1.3_U1/lpstat /usr/bin/lpstat
cp sun4/4.1.3_U1/cancel /usr/bin/cancel

chmod 6711 /usr/lib/lpd
chmod 6711 /usr/ucb/lpr
chmod 6711 /usr/ucb/lprm
chmod 6711 /usr/ucb/lpq
chmod 2711 /usr/etc/lpc
chmod 755 /usr/etc/pac
chmod 6711 /usr/bin/lpstat
chmod 6711 /usr/bin/cancel

chown root.daemon /usr/lib/lpd
chown root.daemon /usr/ucb/lpr
chown root.daemon /usr/ucb/lprm
chown root.daemon /usr/ucb/lpq
chown root.daemon /usr/etc/lpc
chown root.staff /usr/etc/pac
chown root.daemon /usr/bin/lpstat
chown root.daemon /usr/bin/cancel

rm -f /var/spool/lpd.lock
/usr/lib/lpd

Last step: edit your /etc/rc file and change the line that removes
the /dev/printer file upon system startup so that it removes
/dev/lpd/printer instead.

Note the change to "/dev/lpd/printer" from "/dev/printer"

/etc/rc:

Find the lines having to do with lpd startup:

if [ -f /usr/lib/lpd ]; then
        rm -f /dev/printer /var/spool/lpd.lock

Change (add) in the new location:

if [ -f /usr/lib/lpd ]; then
        rm -f /dev/lpd/printer /var/spool/lpd.lock
                   ^^^^ NEW

The results should look like:

if [ -f /usr/lib/lpd ]; then
        rm -f /dev/lpd/printer /var/spool/lpd.lock
        /usr/lib/lpd; echo -n ' printer'
fi
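
A post-install check for the INSTALL steps above, as an added example that is not part of the Sun patch: it compares each installed file's mode with the chmod values given above, confirms that /dev/printer is a symbolic link to /dev/lpd/printer, and flags any saved pre-patch copy that is not mode 0400. It assumes a POSIX sh; the function names and the ROOT prefix argument are hypothetical, and ownership (root.daemon, root.staff for pac) is not checked.

```sh
#!/bin/sh
# Added example (not part of the patch): audit the modes the INSTALL steps set.
# ROOT is a hypothetical prefix; "" means the live system.

# mode_of PATH: the 10-character mode string from ls, e.g. "-rws--s--x"
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# audit_lp_patch ROOT: print one line per mismatch; return 1 if any was found
audit_lp_patch() {
    root=$1
    bad=0
    # path:mode pairs from the README's chmod commands
    # 6711 = -rws--s--x, 2711 = -rwx--s--x, 755 = -rwxr-xr-x, dir 750 = drwxr-x---
    for spec in \
        /usr/lib/lpd:-rws--s--x /usr/ucb/lpr:-rws--s--x \
        /usr/ucb/lprm:-rws--s--x /usr/ucb/lpq:-rws--s--x \
        /usr/etc/lpc:-rwx--s--x /usr/etc/pac:-rwxr-xr-x \
        /usr/bin/lpstat:-rws--s--x /usr/bin/cancel:-rws--s--x \
        /dev/lpd:drwxr-x---
    do
        path=${spec%%:*}
        want=${spec#*:}
        got=$(mode_of "$root$path")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $path: want $want, got ${got:-missing}"
            bad=1
        fi
        # Saved pre-patch copies (same name plus ".suffix") must be mode 0400
        for old in "$root$path".*; do
            [ -f "$old" ] || continue
            if [ "$(mode_of "$old")" != "-r--------" ]; then
                echo "MISMATCH ${old#"$root"}: saved copy is not mode 0400"
                bad=1
            fi
        done
    done
    # /dev/printer must be a symbolic link to /dev/lpd/printer
    link=$(ls -ld "$root/dev/printer" 2>/dev/null | sed -n 's/^l.* -> //p')
    if [ "$link" != "/dev/lpd/printer" ]; then
        echo "MISMATCH /dev/printer: not a symlink to /dev/lpd/printer"
        bad=1
    fi
    return $bad
}
```

Run it as root with `audit_lp_patch ""` for the live system, or pass the mount point of a disk image as ROOT.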