[Pkg-cups-devel] Bug#582441: Bug#582441: /var/spool/cups-pdf/ANONYMOUS is inappropriately owned by nobody:nogroup
Martin-Éric Racine
q-funk at iki.fi
Sat May 22 11:14:48 UTC 2010
On Thu, May 20, 2010 at 10:26 PM, Roger Leigh <rleigh at debian.org> wrote:
> Package: cups-pdf
> Version: 2.5.0-14
> Severity: normal
>
> % ls -ld /var/spool/cups-pdf/ANONYMOUS
> drwxrwxrwt 2 nobody nogroup 4096 Jan 27 2009 /var/spool/cups-pdf/ANONYMOUS
>
> This directory is world-writable with the sticky-bit set, which allows
> any user to create files and directories in this location. However, the
> ownership is not appropriate; compare with /tmp:
>
> % ls -ld /tmp
> drwxrwxrwt 13 root root 300 May 20 20:20 /tmp
>
> The ownership by nobody:nogroup gives processes run under this
> UID and/or GID additional privileges to delete content under this
> location. Given that they are intended to be a restricted-privilege
> user/group, this is not appropriate. Ownership by root:root is
> perfectly acceptable here (if you're creating files in here owned
> by nobody:nogroup that will still work fine).
If I recall correctly, it was suggested that I'd make this directory
owned by nobody:nogroup to give it the lowest possible priority,
because of the risky way that Samba accesses this spool when offering
login-free guest printer access. I welcome debian-devel's input on
whether this statement is correct or not.
Martin-Éric
More information about the Pkg-cups-devel
mailing list