On 2024-06-11, Zdenek Dohnal wrote:
> Impact
>
> Given that cupsd is often running as root, this can result in the change
> of permission of any user or system files to be world writable.
>
> https://github.com/OpenPrinting/cups/commit/a436956f3

This is a pretty confusing description... if we accept the premise that an attacker can somehow get root to run cupsd with a modified configuration file (how???), then this patch doesn't seem sufficient. They can still get root to unlink() an arbitrary file, no?

I guess someone from CUPS has seen a working Ubuntu exploit that did this, but this really feels like fixing the bug in the wrong place?

Tavis.

--
 _o)            $ lynx lock.cmpxchg8b.com
 /\\  _o)  _o)  $ finger tav...@sdf.org
_\_V _( ) _( )  @taviso