June 14, 2001

Red Hat security advisory on LPRng

Author: JT Smith

From Net-Security.org:

LPRng fails to drop supplemental group membership at init time, though it
does properly setuid and setgid. The result is that LPRng, and its
children, maintain any supplemental groups that the process starting LPRng
had at the time it started LPRng. This is a security risk.


  • Linux
Click Here!