[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#411580: cups-pdf: 2.4.2-2 broke functionality

On Tue, 20 Feb 2007, Martin-Éric Racine wrote:
> Wake up, Steve. I maintain this package. You don't. Making this
> package a one-size-fits all is my call, not yours. Your opinion of
> Ubuntu is irrelevant.

It's fine to try to make this package one size fits all, but having
binaries which do not need to be setuid root setuid root is a bad
idea.

Is there any reason why you cannot detect whether or not cupsys is
going to be run as root or non-root and chmod the binary
appropriately?

Secondly, has anyone actually audited cups-pdf to verify that it is
audited to run appropriately setuid 0?


Don Armstrong

-- 
If you have the slightest bit of intellectual integrity you cannot
support the government. -- anonymous

http://www.donarmstrong.com              http://rzlab.ucr.edu
Reply to: