On Mon, Feb 29, 2016 at 10:05:03AM -0700, Todd C. Miller wrote: > On Mon, 29 Feb 2016 09:55:45 -0700, "Todd C. Miller" wrote: > > > Most of the PRIV_START / PRIV_END should be removed. There are a > > few instances where we need to drop setgid when opening files, > > however. Removing those calls needs to be done very carefully. > > It is also worth rethinking whether lpr/lprm really need to be > setuid at all now or whether we can simply rely on being setgid > daemon. I was concerned about having non daemon-owned files in the > spool dirs. That may not really be an issue, though. > > - todd >
Would it then be appropriate to remove PRIV_START /PRIV_END from getq? It's only getting a list of sorted filenames for the queue. Later, opening those files seems to need care. Chris
