The version of lpr that was distributed with Debian GNU/Linux 2.1 suffers from a couple of problems. There was a race in lpr that could be exploited by users to print files they can not normally read, and lpd did not check permissions of queue-files. As a result by using the -s flag it could be tricked into printing files a user can otherwise not read. This has been fixed in version 0.46-1-0slink1. We recommend you upgrade your lpr package immediately. Debian security homepage here.