Ante Karamatić wrote: > On Mon, 26 Jun 2006 15:04:28 -0000 > Walter Tautz <[EMAIL PROTECTED]> wrote: > > >> We aren't going to bring back RunAsUser. All of the Linux distros >> already provide helper functions for their init scripts to run as >> a different user, I suggest you look there if you really want to >> cripple your CUPS install. You will also need to update the >> /etc/services file on every system that wants to print with the >> new port number for the IPP service... >> > > This is a known problem. RunAsUser would be great to bring back (this > is why Debian/Ubuntu patches CUPS). Mike knows that RunAsUser and > "helper functions for init scripts" (i.e. start-stop-daemon) are two > totally different things. stat-stop-daemon starts CUPS as non-root user > and CUPS is unable to bind on TCP/631. RunAsUser allowed to start CUPS > as root and bind on TCP/631, and then drop privileges to non-root user. > This is how most of the services work (i.e. postfix, vsftpd, bind, > apache...). I don't see any reason why it shouldn't be done with CUPS > too. If argument is needed - sendmail. Sendmail acts just like CUPS; > runs everything as root. Sendmail is now kicked out of OpenBSD and is > loosing it's user base every day. There is no perfect "hole-free" > software. First line of defense is to assume one day that service will > have a remotly exploitable hole. It's muche better if attacker gains > non-root privileges with which he can "only" mess up printing queues. > > >> 5. LPD printing support. >> Me: Number 5 is relevant to this bug report. >> > > Yes, I think everybody knows that. I can say this won't be "fixed" for > Dapper, but maybe we work something out for Edgy. > > Did you try setuid lpd backend (chmod > +s /usr/lib/cups/backend-available/lpd)? > > Yeah. It didn't work. In anycase I've compiled a version of cups that runs as root to get around my problem for the moment. Michael's perspective is he doesn't want to break the print system as opposed to the host that it's running on... a matter of perspective. I thought I'd give some insights on his thinking....
-- dapper cupsys can not print to rfc compliant lpd server, i.e. can not run as root https://launchpad.net/bugs/47773 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
