[Pkg-cups-devel] Bug#692791: #692791 - CVE-2012-5519 - cups lpadmin-to-root privilege escalation - Proposed solutions

Marc Deslauriers marc.deslauriers at canonical.com
Thu Nov 29 12:22:44 UTC 2012


On 12-11-29 05:30 AM, Didier 'OdyX' Raboud wrote:
<snip>
> B) Disable any remote configuration by lpadmin users
> 
> This has been attempted by Marc on [1]. For now, it is incomplete as it still
> allows lpadmin users to HTTP PUT updates to the configuration files.
> 
> Pros: + Addresses the problem in a way less intrusive way (smaller patch)
> Cons: - Big loss of functionality through forbidding any lpadmin cups server
>         configuration
<snip>
> 
> So, for squeeze/stable and wheezy/next-stable, I'd be tempted to go the B)
> (to be fixed) way. Granted, we'll lose functionality, but it will put us on
> the safe-side, with updates that drop functionality without needing a painful
> configuration-files-edit upgrading path.
> 

I don't believe B is a viable approach. The HTTP PUT interface is used
by cupsctl and possibly other local tools, and there's no easy way of
filtering what gets uploaded in the cupsd.conf file.

FYI, in Ubuntu, I plan on doing a less-elegant version of A, which would
be to get the new config file, but without automatically migrating any
settings, and without changing the original config file so the user
doesn't get any debconf prompts. Options that got moved to the new file
would print warnings in the logs for the admin to see. The only thing is
that the "SystemGroup" line will still be in the original config file
after the upgrade, but with the log file warning disabled for it.

Marc.
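
The log-warning behaviour described in the message above, sketched as an added example; it is not part of the message and not code from the Ubuntu or Debian packages. Assumptions: the new file is upstream's cups-files.conf, `MOVED_DIRECTIVES` is an illustrative subset of what upstream moved there (the message names only SystemGroup), and `audit_cupsd_conf` and the sample config are constructed for illustration.

```python
# Assumption: illustrative subset of directives upstream CUPS moved out of
# cupsd.conf into cups-files.conf; the message itself names only SystemGroup.
MOVED_DIRECTIVES = {
    "accesslog", "cachedir", "configfileperm", "datadir", "documentroot",
    "errorlog", "filedevice", "group", "logfileperm", "pagelog", "printcap",
    "requestroot", "serverbin", "serverroot", "statedir", "systemgroup",
    "tempdir", "user",
}
# Per the plan above, SystemGroup stays in the old file with its warning disabled.
SILENCED = {"systemgroup"}

def audit_cupsd_conf(text):
    """Return (moved, warnings) for top-level directives in a cupsd.conf text."""
    moved, warnings = [], []
    depth = 0  # nesting level inside <Location>/<Policy>/<Limit> sections
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            depth = max(0, depth - 1)
            continue
        if line.startswith("<"):
            depth += 1
            continue
        if depth:
            continue  # only top-level directives are of interest here
        name = line.split(None, 1)[0]
        key = name.lower()  # directive names are matched case-insensitively
        if key in MOVED_DIRECTIVES:
            moved.append((lineno, name))
            if key not in SILENCED:
                warnings.append(
                    f"cupsd.conf line {lineno}: {name} belongs in cups-files.conf")
    return moved, warnings

# Constructed sample input, not taken from any real system.
SAMPLE = "\n".join([
    "# constructed sample cupsd.conf",
    "LogLevel warn",
    "SystemGroup lpadmin",
    "ErrorLog /var/log/cups/error_log",
    "<Location /admin>",
    "  Order allow,deny",
    "</Location>",
    "pagelog /var/log/cups/page_log",
])

if __name__ == "__main__":
    for warning in audit_cupsd_conf(SAMPLE)[1]:
        print(warning)
```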


