
Bug#881619: /etc/cups/cups-files.conf: cannot job-edit as root: root missing from SystemGroup



Control: tags -1 +wontfix

On Monday, 13 November 2017, 15:34:25 CET, Alban Browaeys wrote:
> Per the man page, root should be in cups-files.conf SystemGroup.
> JobPrivateAccess requires @SYSTEM or @OWNER but root is not in any of
> those. Thus root cannot job-edit (cancel jobs).
> This forbids cups-pk-helper from cancelling jobs as it runs as root.
> 
> A workaround is adding "root" to "SystemGroup" (which includes
> only lpadmin on Debian).

This was discussed last year:
	https://lists.debian.org/debian-printing/2016/11/msg00045.html

> In other words, letting cups-pk-helper run as 'root' (but accept commands
> from any allowed users) leads to a user-to-lpadmin privilege escalation. At
> least, it defers access control away from CUPS to cups-pk-helper.

See also
	https://bugs.debian.org/698504
	https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/934291

The point is that we don't want to let anyone with access to cups-pk-helper 
delete jobs through it as that defeats the security mechanism put in place by 
CUPS.

The solution is to get cups-pk-helper to run as root but use the requesting user 
when using the CUPS API (so that it respects the "system group" restrictions 
of CUPS). In other words, I think this is a bug in how cups-pk-helper runs in 
Debian.

Cheers,
    OdyX
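
An added example, not part of the original message and not code from CUPS or cups-pk-helper: a Python check that reports whether a cups-files.conf has had the "root" workaround applied to SystemGroup. The two sample files are constructed, and the parsing rules (case-insensitive directive name, groups accumulating across lines, quoted group names) are assumptions about how cupsd reads the file.

```python
import re

# Constructed sample files, not copied from any real system.
DEBIAN_DEFAULT = """\
# Administrator user group, used to match @SYSTEM in cupsd.conf policy rules
SystemGroup lpadmin
"""
WORKAROUND_APPLIED = """\
SystemGroup lpadmin
#SystemGroup sys
systemgroup "print admins", root
"""

# One group name: double-quoted, single-quoted, or a bare token.
_NAME = re.compile(r'"([^"]*)"|\'([^\']*)\'|([^\s,]+)')


def system_groups(conf_text):
    """Return every group named by SystemGroup directives, in file order."""
    groups = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        # Assumption: directive names are matched case-insensitively.
        if len(parts) < 2 or parts[0].lower() != "systemgroup":
            continue
        # Assumption: repeated directives add to the list, not replace it.
        for match in _NAME.finditer(parts[1]):
            groups.append(next(g for g in match.groups() if g is not None))
    return groups


def audit_system_group(conf_text):
    """Return (groups, findings); findings is empty when root is absent."""
    groups = system_groups(conf_text)
    findings = []
    if "root" in groups:
        findings.append(
            "root is in SystemGroup: requests made by a root-run helper such "
            "as cups-pk-helper satisfy @SYSTEM, so CUPS no longer restricts "
            "what the helper's callers can do to other users' jobs"
        )
    return groups, findings


if __name__ == "__main__":
    for name, text in (("default", DEBIAN_DEFAULT), ("workaround", WORKAROUND_APPLIED)):
        print(name, audit_system_group(text))
```
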
