[Pkg-cups-devel] Bug#692791: members of lpadmin can read every file on server via cups
Michael Sweet
msweet at apple.com
Thu Nov 29 14:59:25 UTC 2012
Didier,
On 2012-11-28, at 6:58 AM, Didier 'OdyX' Raboud <odyx at debian.org> wrote:
> ...
> DocumentRoot has to be fixed that way IMHO as the attack is immediate and I
> think it's a suitable fix for our stable releases. For SystemGroup, I think
> it's reasonably okay to leave that bug open for stable releases; the long-term
> fix (to push that to cups-files.conf) is okay in that regard.
>
> Any idea/patch on how you'd enforce default DocumentRoot (including making
> sure the tests still run)?
One simple check: if we are running as root, require the defaults.
________________________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair
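
One way to express the check suggested in the message above, as an added example (not CUPS code and not part of the original message). The function name, the placeholder default path and the assumption that the test suite runs as a non-root user are all hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder for the compiled-in default; not a value taken from the thread. */
#define DEFAULT_DOCROOT "/placeholder/default/docroot"

/* Length of path ignoring trailing slashes, so "/a/b/" matches "/a/b". */
static size_t trimmed_len(const char *path)
{
  size_t len = strlen(path);
  while (len > 1 && path[len - 1] == '/')
    len--;
  return len;
}

/*
 * Return the DocumentRoot the daemon should serve from.
 *  - euid 0: only the default is accepted; anything else is refused and
 *    *overridden is set to 1 so the caller can log the rejection.
 *  - non-root (assumed here to cover test runs): the configured value is
 *    honored, since the process can only read what that user can read.
 */
const char *effective_docroot(uid_t euid, const char *configured,
                              const char *defval, int *overridden)
{
  *overridden = 0;
  if (!configured || !*configured)
    return defval;                 /* nothing configured: use the default */
  if (euid != 0)
    return configured;             /* unprivileged run keeps its setting */
  size_t a = trimmed_len(configured), b = trimmed_len(defval);
  if (a == b && strncmp(configured, defval, a) == 0)
    return defval;                 /* same path, possibly with extra '/' */
  *overridden = 1;                 /* root plus non-default: refuse it */
  return defval;
}

int main(void)
{
  int ov;
  /* Constructed sample value standing in for a DocumentRoot directive. */
  const char *root = effective_docroot(geteuid(), "/constructed/other/path",
                                       DEFAULT_DOCROOT, &ov);
  printf("DocumentRoot=%s%s\n", root, ov ? " (configured value rejected)" : "");
  return 0;
}
```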