Hi Michael, Le dimanche, 11 novembre 2012 14.57:05, Michael Sweet a écrit : > Lest we forget why we run cupsd as root, here are a few reasons: > (…)
Thanks for the explanation. > As for a proposed fix, I'm thinking we will disable the log file, > RequestRoot, ServerRoot, and DocumentRoot directives in cupsd.conf, and > add command line arguments in their place. That will retain > configurability while eliminating this particular attack vector. > > Thoughts? I don't quite like the "command-line arguments" solution, as it will probably lead to more machinery on our side (variable setting in /etc/default/cups , sourcing it from /etc/init.d/cups, etc). What about separating the configuration settings in two configuration files, one modifiable from the webinterface, and one only modifiable by root ? The first would contain the non-sensitive configuration settings, the latter would contain the paths, file definitions, etc. I would tend to prefer to keep configuration settings in configuration files. (But of course we'll cope with the upstream choice. :-) ) Cheers, OdyX -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
