[Pkg-cups-devel] Bug#692791: running cupsd as root
Michael Sweet
msweet at apple.com
Mon Nov 19 12:56:25 UTC 2012
I have a fix I am testing that is going through internal review. However, since Apple software engineering is off this week (extension of Thanksgiving holiday) I don't know if I'll have sign-off until next Monday. Will post something as soon as it is available,
Sent from my iPad
On 2012-11-19, at 1:59 AM, Yves-Alexis Perez <corsac at debian.org> wrote:
> On dim., 2012-11-11 at 17:53 +0100, Didier 'OdyX' Raboud wrote:
>> Hi Michael,
>>
>> Le dimanche, 11 novembre 2012 14.57:05, Michael Sweet a écrit :
>>> Lest we forget why we run cupsd as root, here are a few reasons:
>>> (…)
>>
>> Thanks for the explanation.
>>
>>> As for a proposed fix, I'm thinking we will disable the log file,
>>> RequestRoot, ServerRoot, and DocumentRoot directives in cupsd.conf, and
>>> add command line arguments in their place. That will retain
>>> configurability while eliminating this particular attack vector.
>>>
>>> Thoughts?
>>
>> I don't quite like the "command-line arguments" solution, as it will probably
>> lead to more machinery on our side (variable setting in /etc/default/cups ,
>> sourcing it from /etc/init.d/cups, etc).
>>
>> What about separating the configuration settings in two configuration files,
>> one modifiable from the webinterface, and one only modifiable by root ? The
>> first would contain the non-sensitive configuration settings, the latter would
>> contain the paths, file definitions, etc. I would tend to prefer to keep
>> configuration settings in configuration files. (But of course we'll cope with
>> the upstream choice. :-) )
>
> Any news on this?
>
> --
> Yves-Alexis Perez
> Debian Security
More information about the Pkg-cups-devel
mailing list