the SUID of lpq


 
Thread Tools Search this Thread
Special Forums Cybersecurity the SUID of lpq
# 1  
Old 04-07-2011
Question the SUID of lpq

Hello
My system is Debian-503-amd64. After I installed the "lpr" package, I found that some files with SUID bit come from this package. As:
ls -l /usr/bin/lp*
....
-rwsr-sr-x 1 root lp 31800 2008-05-20 /usr/bin/lpq
-rwsr-sr-x 1 root lp 28504 2008-05-20 /usr/bin/lpr
-rwsr-sr-x 1 root lp 27704 2008-05-20 /usr/bin/lprm
....
I remember that the package named "cups-bsd" also contain these files, but they are no SUID bit. So I download the source code of "lpr" package.
apt-get source lpr
By read the source code I have known why "/usr/bin/lpr" and "/usr/bin/lprm" need SUID bit.
But I still can't understand why "/usr/bin/lpq" need it. In the file "lpq.c", I see the follow lines :
int
main(int argc, char **argv)
{
int ch, aflag, lflag;
char *buf, *cp;
long l;

effective_uid = geteuid();
real_uid = getuid();
effective_gid = getegid();
real_gid = getgid();
PRIV_END; /* be safe */
....
....
I think it means that at the beginning of lpq, the process get its effective uid, real uid, effective gid and real gid. Then the "PRIV_END" defined as:
#define PRIV_END do { \
int save_errno = errno; \
(void)setegid(real_gid); \
(void)seteuid(real_uid); \
errno = save_errno; \
} while (0)
It means the process set its effective uid and gid to real uid and gid.

Why it does this at the beginning of the program, and it doesn't use setresuid() or something like that.

If a no-privilege user execute the /usr/bin/lpq, then the process's euid is 0, but it become the real uid at the beginning and can't recovery. So what's role of the SUID bit of the /usr/bin/lpq from lpr package. The lpq of lpr package really need capability of root? The SUID bit is useful? I can't understand it.

The detailed code come form lpr_2008.05.17.tar.gz.

Hope some friends who knows that can help me. Thank you.
# 2  
Old 04-07-2011
I agree that based on the code you posted the suid bit looks useless. Maybe, in a earlier version of the program, there used to be a first paragraph of code that needed suid and it was removed leaving the situation you have today. Try turning off the suid bit and see if anything breaks.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Difference between inbuilt suid programs and user defined root suid programs under bash shell?

Hey guys, Suppose i run passwd via bash shell. It is a suid program, which temporarily runs as root(owner) and modifies the user entries. However, when i write a C file and give 4755 permission and root ownership to the 'a.out' file , it doesn't run as root in bash shell. I verified this by... (2 Replies)
Discussion started by: syncmaster
2 Replies

2. AIX

suid not working on AIX ?

Hello, I'm running AIX 6.1 box. I tried to use suid on binary file but it doesn't work. (I set suid on /usr/bin/sleep and tried to run it as user1(sleep owner is bin) - and program still runs as user1. It shoud run as bin isn't it ? - This test run as expected on Linux box) Filesystem is... (3 Replies)
Discussion started by: vilius
3 Replies

3. UNIX for Dummies Questions & Answers

sgid suid help --need clarification

I'm writing this command/script to allow students to vi a private file of mine in a private directory of mine. chmod 700 dir chmod 660 file however since i own the directory and file; the script has to be ran by me so to speak, im just not sure how to set about doing this. the script is... (5 Replies)
Discussion started by: StrengthThaDon
5 Replies

4. UNIX for Advanced & Expert Users

SUID not working

Hi Senario: I have previleges to edit a file F but User B does not have sufficient privs to edit it. In order for B to edit it I tried an indirect way. I created a script to edit F and SUID this script so that B can execute it with the privs of me. But this is not working . can some one help... (3 Replies)
Discussion started by: Pankaj Mishra
3 Replies

5. Solaris

SUID and SGID searching...

Hi all, Thanks for all replays and for reading in advance (as per usual) Anyhow I have been asked to come up with a list of programs that have SUID root permissions and also for any programs with SGID permissions. Has anyone got any idea with out going through each program indiviually how I... (2 Replies)
Discussion started by: B14speedfreak
2 Replies

6. UNIX for Advanced & Expert Users

is SUID disabled for shell

Hi, I have two file in my directory. "catter" file contains "cat ./file". And "file" contails "Hi ashish". I have SUID bit set for catter file. But when a different user in my group runs file catter, shell displays "Permission denied" message. I just want to know can use of suid bit be... (3 Replies)
Discussion started by: shriashishpatil
3 Replies

7. UNIX for Dummies Questions & Answers

lpq, lpr and printing problems

good day! i would just like to ask for advice regarding an lp problem i have.. we currently migrated a GIS appl from sol 2.6 to sol 8 but maintained the same version of jetadmin (for the appl plotters and printers). we are able to print files on a printer but not on a plotter. the... (1 Reply)
Discussion started by: maria_iris
1 Replies

8. UNIX for Dummies Questions & Answers

what is suid ?

what is SUID ? can someone explain or point me to a link ? thanks simon2000 (2 Replies)
Discussion started by: simon2000
2 Replies

9. Cybersecurity

suid files???

Hi all, Where can i find list of suid and gid files common for the system, let's say RedHat 7.1? Thank you all Regards :D (1 Reply)
Discussion started by: solvman
1 Replies

10. Programming

SUID bit???

Hi all I'm getting file info through stat( char *filename, struct stat *buf) Taking all the file attributes to buf->st_mode, How can i check the suid bit in there, if suid bit mask is 0004000?? Thank you all (1 Reply)
Discussion started by: solvman
1 Replies
Login or Register to Ask a Question