Hi Loye, Loye Young [2008-12-10 19:02 -0000]: > I can tolerate the "fix" as a stopgap, but alarms are going off in my > head that it's a bad idea.
Your caution is appreciated, however, I'm afraid with cups all bets are off already. At the moment, cups' idea of security is pretty backwards, the central daemon which does the network configuration and lots of parsing runs as root, while some backends which access the hardware run as unprivileged user. So running the serial backend as root doesn't really change attack vectors here, if you break cupsd, you have root in either case. Thus the change in this bug seems acceptable to me. For the historians, we carried a huge patch to make cupsd run as unprivileged system user, but it caused way too many problems, and since the need for it keeps being neglected by upstream, we can't work against that forever. We replaced it with a relatively tight AppArmor profile. -- cups serial backend failed with Permission denied https://bugs.launchpad.net/bugs/154277 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
