Bug#409356: cups-pdf: allows unprivileged user to read parts of any file

2007-02-02 Thread Grzegorz Żur
Package: cups-pdf Version: 2.4.2-1 Severity: critical Justification: root security hole Tags: security Unprivileged user can execute /usr/lib/cups/backend/cups-pdf to read parts of any file. End of file is printed by Ghostscript in error report. Execution of this command as unprivileged user

Bug#409356: cups-pdf: allows unprivileged user to read parts of any file

2007-02-02 Thread Martin-Éric Racine
On 2/2/07, Grzegorz Żur [EMAIL PROTECTED] wrote: Package: cups-pdf Version: 2.4.2-1 Severity: critical Justification: root security hole Tags: security Unprivileged user can execute /usr/lib/cups/backend/cups-pdf to read parts of any file. End of file is printed by Ghostscript in error report.

Bug#409356: cups-pdf: allows unprivileged user to read parts of any file

2007-02-02 Thread Volker Christian Behr
I am the CUPS-PDF developer. Though I am not using Debian I am quite confused by this behaviour: CUPS-PDF is supposed to be mode 700 on CUPS v1.2.x environments (so unprivileged users should not even be able to execute it). Furthermore CUPS-PDF is explicitly not meant to be installed SUID 'root'

Bug#409356: cups-pdf: allows unprivileged user to read parts of any file

2007-02-02 Thread Grzegorz Żur
Volker Christian Behr wrote: I am the CUPS-PDF developer. Though I am not using Debian I am quite confused by this behaviour: CUPS-PDF is supposed to be mode 700 on CUPS v1.2.x environments (so unprivileged users should not even be able to execute it). Furthermore CUPS-PDF is explicitly not

Bug#409356: cups-pdf: allows unprivileged user to read parts of any file

2007-02-02 Thread Martin-Éric Racine
On 2/2/07, Volker Christian Behr [EMAIL PROTECTED] wrote: Please check the permissions of the CUPS-PDF backend and GS - neither should be SUID 'root' under any circumstances. CUPS-PDF should even more be mode 700 executable by 'root' only. If this is not the case in the default installation it

Bug#409356: cups-pdf: allows unprivileged user to read parts of any file

2007-02-02 Thread Martin-Éric Racine
On 2/2/07, Volker Christian Behr [EMAIL PROTECTED] wrote: On Fri, 2007-02-02 at 13:49 +0200, Martin-Éric Racine wrote: On 2/2/07, Volker Christian Behr [EMAIL PROTECTED] wrote: Please check the permissions of the CUPS-PDF backend and GS - neither should be SUID 'root'

Bug#409356: cups-pdf: allows unprivileged user to read parts of any file

2007-02-02 Thread Volker Christian Behr
On Fri, 2007-02-02 at 13:49 +0200, Martin-Éric Racine wrote: On 2/2/07, Volker Christian Behr [EMAIL PROTECTED] wrote: Please check the permissions of the CUPS-PDF backend and GS - neither should be SUID 'root' under any circumstances. CUPS-PDF should even more be mode 700

Bug#409356: cups-pdf: allows unprivileged user to read parts of any file

2007-02-02 Thread Steve Langasek
On Fri, Feb 02, 2007 at 01:49:30PM +0200, Martin-Éric Racine wrote: On 2/2/07, Volker Christian Behr [EMAIL PROTECTED] wrote: Please check the permissions of the CUPS-PDF backend and GS - neither should be SUID 'root' under any circumstances. CUPS-PDF should even more be