Michael,

On 12-11-29 10:12 AM, Michael Sweet wrote:
>> So, your alternate fix doesn't actually solve the problem as I can still
>> do something like:
>>
>> PageLog /var/log/cups/../../../etc/shadow
>
> Adding a check for "../" in the path will catch that, easy fix...
>
>> Also, there are a lot of other directives that can pretty trivially
>> escalate to root...for example, setting ConfigFilePerm to 04777...
>
> Well, that would yield a world-writable cupsd.conf; I'll update things to
> mask out everything but read/write bits for both ConfigFilePerm and
> LogFilePerm.

We'll most likely be using your approach of splitting the config files out
in our stable releases, so I don't think it's worth investing time in
trying to find an alternative fix.

Thanks!

Marc.
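The two hardening ideas discussed in the thread (keep a log path inside the log directory, and strip everything but read/write bits from a *Perm directive), as an added illustration that is not CUPS code or either correspondent's patch. The check goes beyond a plain "../" substring match and walks the path component by component so that any excursion above the base directory is rejected; `path_stays_under`, `rw_only` and the base directory are assumptions of this example.

```c
#include <stdbool.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical helper, not CUPS code: accept "path" only if it starts
 * with "base" and no ".." component ever climbs above it.  Symlinks are
 * not resolved here; a realpath() check at open time complements this. */
bool path_stays_under(const char *base, const char *path)
{
    size_t      blen  = strlen(base);
    int         depth = 0;              /* components below base so far */
    const char *p;

    /* Must be exactly base, or base followed by a separator. */
    if (strncmp(path, base, blen) != 0 ||
        (path[blen] != '/' && path[blen] != '\0'))
        return false;

    p = path + blen;
    while (*p)
    {
        const char *start;
        size_t      len;

        while (*p == '/') p++;          /* skip one or more separators */
        start = p;
        while (*p && *p != '/') p++;
        len = (size_t)(p - start);

        if (len == 0 || (len == 1 && start[0] == '.'))
            continue;                   /* "" or "." leaves depth unchanged */
        if (len == 2 && start[0] == '.' && start[1] == '.')
        {
            if (--depth < 0)            /* would leave the base directory */
                return false;
        }
        else
            depth++;
    }
    return depth > 0;                   /* must name a file inside base */
}

/* Keep only the read/write bits of a ConfigFilePerm/LogFilePerm value;
 * setuid/setgid/sticky and execute bits are dropped (04777 -> 0666). */
mode_t rw_only(mode_t mode)
{
    return mode & (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
}
```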