COMMAND

    /usr/bin/lp

SYSTEMS AFFECTED

    IRIX

PROBLEM

    It's a pretty  bad one.   I was reported  to SGI/CERT/AUSCERT back
    in  Dec'96  by  Yuri Volobuev  who  discovered  it,  but  so   far
    everything's  quiet.   It  allows  anyone  to  get  lp priorities.
    Because /usr/etc/lpd is  suid (why? it  shouldn't be, at  least on
    Linux it's  not, and  it's the  same BSD-derived  one), it  can be
    further leveraged all the way to  root.  Even if you wisely  strip
    suid bit off lpd,  it doesn't help a  lot, hacker can still  steal
    identities of people who print.  Vulnerability is basically  equal
    to netprint hole, which was found patch-worthy by SGI.

SOLUTION

    Immediate solution may  be a wrapper,  as outlined above.   A much
    better  long-term  solution  would  be  to  dump all Irix printing
    stuff  and  install  LPRng  instead,  it emulates both lpr/lpq and
    lp/lpstat.  See for details:

        ftp://dickory.sdsu.edu/pub/LPRng/