This is the README for lpr-wrapper.1.0.1.NIHS.bs.tar.gz [Download] [Browse] [Up]
lpr-wrapper: Version: 1.0.1 (first public release) Date: 26 June 1997 A wrapper for /usr/ucb/lpr compiled for NeXT, Intel, HP, and Sparc to protect against an attack whereby a user could run commands as root or possibly gain root access. This is an old bug fixed in OpenStep 4.2 and later, described in a recent advisor by CERT (http://www.cert.org). NOTE: there have been recent episodes of this bug being exploited... it seems to have been "rediscovered". The contents of this .tar.gz file: README This file README-2.rtf More information (including how compiled, etc). CERT-CA-97.19 The CERT advisory lpr-wrapper.pkg Installer.app package to install secure wrapper and close security hole. src/lpr.c The source code used to compile this wrapper src/overflow_wrapper.c The source code lpr.c is based on. Special thanks to Rex Dieter <rdieter@math.unl.edu> who helped me make my first Installer package. He also helped me test and debug it. TjL <luomat@peak.org>
These are the contents of the former NiCE NeXT User Group NeXTSTEP/OpenStep software archive, currently hosted by Netfuture.ch.