On Thu, May 20, 2010 at 10:26 PM, Roger Leigh <rle...@debian.org> wrote:
> Package: cups-pdf
> Version: 2.5.0-14
> Severity: normal
>
> % ls -ld /var/spool/cups-pdf/ANONYMOUS
> drwxrwxrwt 2 nobody nogroup 4096 Jan 27  2009 /var/spool/cups-pdf/ANONYMOUS
>
> This directory is world-writable with the sticky-bit set, which allows
> any user to create files and directories in this location.  However, the
> ownership is not appropriate; compare with /tmp:
>
> % ls -ld /tmp
> drwxrwxrwt 13 root root 300 May 20 20:20 /tmp
>
> The ownership by nobody:nogroup gives processes run under this
> UID and/or GID additional privileges to delete content under this
> location.  Given that they are intended to be a restricted-privilege
> user/group, this is not appropriate.  Ownership by root:root is
> perfectly acceptable here (if you're creating files in here owned
> by nobody:nogroup that will still work fine).

If I recall correctly, it was suggested that I'd make this directory
owned by nobody:nogroup to give it the lowest possible priority,
because of the risky way that Samba accesses this spool when offering
login-free guest printer access.  I welcome debian-devel's input on
whether this statement is correct or not.

Martin-Éric
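
The ownership point from the quoted report, as an added example that is not part of the original thread: a shell check that flags sticky, world-writable directories whose owner is not the expected account. The function name `audit_sticky_dir` and its return codes are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example. In a sticky directory an entry may be removed or renamed by
# the entry's owner, by root, or by the owner of the directory itself, so the
# directory owner matters as much as the mode.
#
# audit_sticky_dir DIR [EXPECTED_OWNER]   (hypothetical helper, default root)
#   0  sticky + world-writable and owned by EXPECTED_OWNER
#   1  sticky + world-writable but owned by another account
#   2  directory is not sticky + world-writable (out of scope)
#   3  DIR is missing or not a directory
audit_sticky_dir() {
    asd_dir=$1
    asd_want=${2:-root}
    if [ ! -d "$asd_dir" ]; then
        echo "SKIP  $asd_dir (not a directory)"
        return 3
    fi
    # GNU coreutils stat (assumed): %a is the octal mode, %U the owner name.
    asd_mode=$(stat -c %a "$asd_dir")
    asd_owner=$(stat -c %U "$asd_dir")
    # 01000 = sticky bit, 0002 = write permission for "other".
    if [ $(( 0$asd_mode & 01002 )) -ne $(( 01002 )) ]; then
        echo "N/A   $asd_dir (mode $asd_mode)"
        return 2
    fi
    if [ "$asd_owner" != "$asd_want" ]; then
        echo "WARN  $asd_dir (mode $asd_mode) owned by $asd_owner:" \
             "that account can delete every user's files here"
        return 1
    fi
    echo "OK    $asd_dir (mode $asd_mode) owned by $asd_owner"
    return 0
}

# The two directories compared in the report.
for d in /tmp /var/spool/cups-pdf/ANONYMOUS; do
    audit_sticky_dir "$d" || true
done
```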

