On 2/2/07, Volker Christian Behr <[EMAIL PROTECTED]> wrote:
On Fri, 2007-02-02 at 13:49 +0200, =?UTF-8?Q? Martin-=C3=89ric?= Racine
wrote:
> On 2/2/07, Volker Christian Behr <[EMAIL PROTECTED]> wrote:
> > Please check the permissions of the CUPS-PDF backend and GS - neither
> > should be SUID 'root' under any circumstances. CUPS-PDF should even more
> > be mode 700 executable by 'root' only. If this is not the case in the
> > default installation it has to be fixed in the Debian package.
>
> Permissions were made 6755 to enable outputting documents to someone's
> home directory (or a subdirectory). Unless I'm mistaken, 0700 would
> not enable the same thing?
Starting with version 1.2.0 CUPS will call any backend that is owned by
'root' and set to mode 0700 with full root privileges which should
enable CUPS-PDF to print to any destination.
I know Ubuntu to have modified CUPS (e.g. the web-admin interface is
disabled) but I cannot tell what other changes they did.
I strongly reccommend making CUPS-PDF mode 0700 again since this is
to-the-letter within the specifications of CUPS.
Ubuntu doesn't run CUPS as root, which is what prevents us from
outputting files to user directories with the backend as root:root
0700.
--
Martin-Éric Racine
http://q-funk.iki.fi
