COMMAND

    lpd(8)

SYSTEMS AFFECTED

    SunOS 4.1.x

PROBLEM

    An  lpd  bug  was  discovered  where  lpd  could be used to remove
    system files (/etc/passwd or  /.rhosts as examples). This  bug was
    fixed with 100305-01.

    A second bug  was also shown  that could still  be used to  remove
    system files.  This fix was rolled into 100305-02.

    An lpc  problem that  touched one  of the  same modules  as in the
    lpd fix was  fixed and the  subsequent change rolled  into the lpd
    patch 100305-03.

    Two additional problems  were sent to  Sun: one having  to do with
    RPC  calls  to  lpd  and  the  second having to do with postscript
    calls to lpd, thus 100305-04.

    It  was  in   creating  the  -04   version  that  we   unknowingly
    introduced a remote  spool problem on  the SunOS 4.1.1  version of
    the patch. The problem  was that if the  remote queue had jobs  in
    it, the local job sent was often truncated to zero length.

    The -05 version was  an attempt to back  out the last few  changes
    to remove the  remote print problem.   Unfortunately, it did  not.
    It was at  this time that  we decided to  do a lengthy  evaluation
    and test  cycle to  ensure that  the newest  version fixed all the
    reported problems  as well  as fixed  the remote  spool bug we had
    introduced.

    The 100305-06 patch is the result of that lengthy test cycle.

SOLUTION

    Apply  Sun  patch-ID#  is  100305-06.  This patch is available via
    anonymous  ftp  from  the   ftp.uu.net  system  in  the   sun-dist
    directory as  100305-06.tar.Z, or  through your  local Sun  Answer
    Center.   The  checksum  information  for  the file available from
    ftp.uu.net is:

        24474   440   100305-06.tar.Z