Use setuid/seteuid around dangerous operations. Also a few buffer

overflow patches that were "near" to where these operations are taking
place.  The buffer overflows are from OpenBSD.  The setuid/seteuid patches
are from NetBSD by way of OpenBSD (they changed them a little), at least from
my read of the tree.

This is the first of a series of OpenBSD lpr/et al merges.  It (and them)
should be merged back into 2.2 and/or 2.1 (if requested) branches when they
have been shaken out in -current.
Obtained from: OpenBSD

1 files changed, 4 insertions, 0 deletions

diff --git a/usr.sbin/lpr/lprm/lprm.c b/usr.sbin/lpr/lprm/lprm.c
index 20c4ee7..df3a6cb 100644
--- a/usr.sbin/lpr/lprm/lprm.c
+++ b/usr.sbin/lpr/lprm/lprm.c
@@ -74,6 +74,7 @@ int	 requ[MAXREQUESTS];	/* job number of spool entries */
 int	 requests;		/* # of spool requests */
 char	*user[MAXUSERS];	/* users to process */
 int	 users;			/* # of users in user array */
+uid_t	 uid, euid;		/* real and effective user id's */
 
 static char	luser[16];	/* buffer for person */
 
@@ -87,6 +88,9 @@ main(argc, argv)
 	register char *arg;
 	struct passwd *p;
 
+	uid = getuid();
+	euid = geteuid();
+	seteuid(uid);	/* be safe */
 	name = argv[0];
 	gethostname(host, sizeof(host));
 	openlog("lpd", 0, LOG_LPR);