[Pkg-cups-devel] r394 - cupsys/branches/cups-1.2-ubuntu/debian

Martin Pitt mpitt at debian.org
Fri Oct 6 07:27:08 UTC 2006


Hi Kenshi,

thanks for the explanation.

Kenshi Muto [2006-10-06  9:21 +0900]:
> After reviewing the code, I noticed the CUPS scheduler checked a
> backend's permissions to decide the process owner for the backend.
> When the backend file can't be read/executed by an unprivileged user,
> the scheduler calls it as 'root'.
> Although I think it's not such a good implementation, upstream uses
> it anyway.

While it's not exactly obvious, I do not think it's that bad either.

> Since CUPS 1.2.4-1 of Debian, we installed backends as mode
> 755, everyone can read/exec. So this may cause strange errors around
> device or port because it's running with normal user permission.

That's the strange thing I'm actually worried about. For some reason,
upstream has the idea that running the scheduler as root and the
backends as unprivileged user has something to do with security---it
should be exactly the other way around (unpriv'ed spooler and run
those backends as root which actually need it).

> About Ubuntu, because mpitt has already decided to let CUPS daemon
> run as unprivileged user, he can't adopt upstream's method, therefore
> he committed like above to his Ubuntu branch.

Right. BTW, we do use that method for cups-pdf and the lpd backend,
but 0700 breaks the http/ipp backend, that's why I have to maintain
that diff.

Thanks,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
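
An audit of the permission-based owner selection discussed in this thread, as an added example that is not part of the original message and is not CUPS or package code. It assumes the rule is "no group/other permission bits means the backend runs as root"; the function names and the sample directory are constructed for illustration.

```python
import os
import stat
import tempfile


def backend_runs_as_root(mode: int) -> bool:
    # Assumed rule (approximating the behaviour described in the thread):
    # a backend with no group/other permission bits is started as root.
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def audit_backends(directory, expected_root=()):
    """Map backend name -> (octal mode, effective owner, finding)."""
    report = {}
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))
        if not stat.S_ISREG(st.st_mode):
            continue  # skip symlinks and directories; audit real files only
        mode = stat.S_IMODE(st.st_mode)
        runs_as = "root" if backend_runs_as_root(mode) else "unprivileged"
        want = "root" if name in expected_root else "unprivileged"
        finding = "ok" if runs_as == want else "expected " + want
        report[name] = (oct(mode), runs_as, finding)
    return report


def demo():
    # Constructed sample: ipp at 755, lpd at 0700, and cups-pdf left at 755
    # although it is one of the backends expected to run as root.
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("ipp", 0o755), ("lpd", 0o700), ("cups-pdf", 0o755)):
            path = os.path.join(d, name)
            open(path, "w").close()
            os.chmod(path, mode)
        return audit_backends(d, expected_root={"lpd", "cups-pdf"})


if __name__ == "__main__":
    for name, row in demo().items():
        print(name, *row)
```

Run after a package upgrade, a check like this shows when a mode change such as the 755 default mentioned above has silently moved a backend from root to an unprivileged user, or the reverse.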