Hello
My system is Debian-503-amd64. After I installed the "lpr" package, I found that some files with the SUID bit set come from this package. For example:

    ls -l /usr/bin/lp*
    ....
    -rwsr-sr-x 1 root lp 31800 2008-05-20 /usr/bin/lpq
    -rwsr-sr-x 1 root lp 28504 2008-05-20 /usr/bin/lpr
    -rwsr-sr-x 1 root lp 27704 2008-05-20 /usr/bin/lprm
    ....

I remember that the package named "cups-bsd" also contains these files, but they have no SUID bit. So I downloaded the source code of the "lpr" package.

    apt-get source lpr

By reading the source code, I now know why "/usr/bin/lpr" and "/usr/bin/lprm" need the SUID bit.
But I still can't understand why "/usr/bin/lpq" needs it. In the file "lpq.c", I see the following lines:

    int
    main(int argc, char **argv)
    {
            int ch, aflag, lflag;
            char *buf, *cp;
            long l;

            effective_uid = geteuid();
            real_uid = getuid();
            effective_gid = getegid();
            real_gid = getgid();
            PRIV_END; /* be safe */
            ....
            ....

I think it means that at the beginning of lpq, the process gets its effective uid, real uid, effective gid and real gid. Then "PRIV_END" is defined as:

    #define PRIV_END do { \
            int save_errno = errno; \
            (void)setegid(real_gid); \
            (void)seteuid(real_uid); \
            errno = save_errno; \
    } while (0)

It means the process sets its effective uid and gid to the real uid and gid.
Why does it do this at the beginning of the program, and why doesn't it use setresuid() or something like that?
If an unprivileged user executes /usr/bin/lpq, then the process's euid is 0, but it becomes the real uid at the beginning and can't be recovered. So what is the role of the SUID bit on /usr/bin/lpq from the lpr package? Does the lpq of the lpr package really need root's capabilities? Is the SUID bit useful? I can't understand it.
The detailed code comes from lpr_2008.05.17.tar.gz.
I hope some friends who know about this can help me. Thank you.
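
The following is an added example, not part of the original post and not code from the lpr package: a small Linux C program that reads the real, effective and saved user IDs from /proc/self/status before and after the two calls PRIV_END makes. The enum, the helper names and the sample "Uid:" lines (the state after seteuid() and after setresuid()) are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <unistd.h>

enum id_state { ID_ELEVATED, ID_REGAINABLE, ID_FIXED, ID_PARSE_ERROR };

/* Constructed sample lines for a set-user-ID root program run by uid 1000.
 * Field order in /proc/<pid>/status: real, effective, saved, filesystem. */
const char AT_START[]        = "Uid:\t1000\t0\t0\t0\n";
const char AFTER_SETEUID[]   = "Uid:\t1000\t1000\t0\t1000\n";
const char AFTER_SETRESUID[] = "Uid:\t1000\t1000\t1000\t1000\n";

/* Hypothetical helper: classify one "Uid:" line of /proc/<pid>/status. */
enum id_state classify_uid_line(const char *line)
{
    unsigned long r, e, s, fs;

    if (sscanf(line, "Uid: %lu %lu %lu %lu", &r, &e, &s, &fs) != 4)
        return ID_PARSE_ERROR;   /* not a complete "Uid:" line */
    if (e != r)
        return ID_ELEVATED;      /* effective ID differs from the caller's */
    if (s != r)
        return ID_REGAINABLE;    /* saved ID kept: seteuid(saved) is permitted */
    return ID_FIXED;             /* all three equal: no other ID held in reserve */
}

/* Hypothetical helper: classify the calling process itself. */
enum id_state current_state(void)
{
    char line[256];
    enum id_state st = ID_PARSE_ERROR;
    FILE *fp = fopen("/proc/self/status", "r");

    if (fp == NULL) return ID_PARSE_ERROR;
    /* Every line that is not the "Uid:" line classifies as a parse error. */
    while (fgets(line, sizeof line, fp) != NULL)
        if ((st = classify_uid_line(line)) != ID_PARSE_ERROR)
            break;
    fclose(fp);
    return st;
}

int main(void)
{
    printf("at start: %d\n", (int)current_state());
    /* The same two calls, in the same order, as the PRIV_END macro above. */
    (void)setegid(getgid());
    (void)seteuid(getuid());
    printf("after the PRIV_END calls: %d\n", (int)current_state());
    return 0;
}
```

Run from an ordinary binary, both lines print 2 (ID_FIXED); the other two states only appear when the binary is installed set-user-ID, as lpq is in the listing above.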