On Tue, 20 Feb 2007, Martin-Éric Racine wrote: > Wake up, Steve. I maintain this package. You don't. Making this > package a one-size-fits all is my call, not yours. Your opinion of > Ubuntu is irrelevant.
It's fine to try to make this package one size fits all, but having binaries which do not need to be setuid root setuid root is a bad idea. Is there any reason why you cannot detect whether or not cupsys is going to be run as root or non-root and chmod the binary appropriately? Secondly, has anyone actually audited cups-pdf to verify that it is audited to run appropriately setuid 0? Don Armstrong -- If you have the slightest bit of intellectual integrity you cannot support the government. -- anonymous http://www.donarmstrong.com http://rzlab.ucr.edu
