[Pkg-cups-devel] Bug#427559: problems with your proposal of suid root backend runner
Martin Pitt
mpitt at debian.org
Fri Jun 8 09:22:40 UTC 2007
Hi Jerome,
Jerome Alet [2007-06-07 21:42 +0200]:
> Martin, you suggest a suid root backend to launch other CUPS
> backends as root.
Only as a temporary workaround.
> This is not really possible as far as I know, for several reasons :
It does work, since cups itself uses it for lpd.
> the easiest way was certainely to
>
> chown root.root mybackend
> chmod 700 mybackend
(NB that 700 is not a Debian Policy compliant permission either, so we
have to slightly change that for the backends we ship by default in
the package. But that's not a problem as long as 700 works, too).
> as specified in CUPS' documentation.
>
> don't forget that many CUPS backends are written in scripting languages,
> and won't support being suid root.
Right. As I pointed out in an earlier comment, the right thing to do
(IMHO) is to change the derooting to make backend invocation
compatible to upstream again. I'll look into that at some point.
For now I'm just going to disable the derooting until we have a good
solution for this.
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-cups-devel/attachments/20070608/85d1c4b8/attachment-0001.pgp
More information about the Pkg-cups-devel
mailing list