hpssd does not access the device directly. It it currently only used for two main purposes: store a global status history for each device, and for routing fax data from the hpfax: backend to each fax gui (that actually access the device via the mud i/o library).
We are working on changing this design in the future, but I do not feel that it has many inherent security concerns as no device access occurs. The race issue is a potential problem, but even there, a second starting up hpssd will contend for the same port, fail and exit. -Don On 10/4/07, Martin Pitt <[EMAIL PROTECTED]> wrote: > > Public bug reported: > > Binary package hint: hplip > > At the moment, the HP tools work in such a way that any tool invoked by > the user (toolbox, scanning, etc.) forks hpssd, which then runs as that > user. This is an absolutely broken design: > > * Device nodes need to be world-readable and writeable (i. e. a single big > security hole, race conditions, etc.) > * Multiple users race for daemon invocation. > * User A would use the daemon of user B; B is in full control of A's work > with the printers/scanners, etc. > > The best way to solve this would be a proper integration into cups, i. e > make printing a proper cups backend which is run as lp:lp, and the > device nodes shuold be root:lp 0660 (similar to the usb or parallel port > backends). > > I appreciate that this might be too limited for the other features, such > as scanning. For those, there needs to be a proper system-wide daemon > hpssd which runs as lp:lp, does proper sanitation of its input, and is > in sole control of the /dev node. To avoid big daemons like in the past, > it shuold be very small and lightweight and can spawn the big processes > on demand and have them time out appropriately. > > ** Affects: hplip (Ubuntu) > Importance: High > Status: New > > ** Changed in: hplip (Ubuntu) > Importance: Undecided => High > > -- > needs a proper daemon or cupsys integration > https://bugs.launchpad.net/bugs/149045 > You received this bug notification because you are a direct subscriber > of the bug. > -- needs a proper daemon or cupsys integration https://bugs.launchpad.net/bugs/149045 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
