All,

Lest we forget why we run cupsd as root, here are a few reasons:

1. Authentication (both Kerberos and PAM)
2. Privileged ports for LPD
3. Access to device files for printing
4. Privilege separation from/for filters.

1 and 4 basically require running as root unless we do a hairy mess of meta 
services between "trusted" programs. We /are/ looking into this for future 
versions of cupsd but I can't promise anything right now.

2 remains as intractable as before, but with OS support or future elimination 
of protocols like LPD perhaps it will go away.

3 requires OS support, and to date we have had only limited success for things 
like USB.

....

As for a proposed fix, I'm thinking we will disable the log file, RequestRoot, 
ServerRoot, and DocumentRoot directives in cupsd.conf, and add command line 
arguments in their place. That will retain configurability while eliminating 
this particular attack vector.

Thoughts?

Sent from my iPad

