Bug#386325: marked as done (cupsys: lpd backend not setuid)
Your message dated Sun, 10 Dec 2006 00:29:09 +0900
with message-id <20061209152909.6718C1A7DDC@mail.topstudio.co.jp>
and subject line [Pkg-cups-devel] Bug#386325: cupsys: lpd backend not setuid
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: cupsys: lpd backend not setuid
- From: "John H. Hartman" <jhh@CS.Arizona.EDU>
- Date: Wed, 06 Sep 2006 12:12:21 -0700
- Message-id: <20060906191221.14040.95264.reportbug@roadrunner.cs.arizona.edu>
Package: cupsys
Version: 1.2.2-2
Severity: normal
/usr/lib/cups/backend-available/lpd must be setuid root for it to be
able to create a reserved port to connect to the server, as some servers
require. The setuid bit is not set during installation causing the
backend to fail with a cryptic error message.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-em64t-p4-smp
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Versions of packages cupsys depends on:
ii adduser 3.97 Add and remove users and groups
ii cupsys-common 1.2.2-2 Common UNIX Printing System(tm) -
ii debconf [debconf-2.0] 1.5.3 Debian configuration management sy
ii gs-esp 8.15.2.dfsg.1-2 The Ghostscript PostScript interpr
ii libc6 2.3.6.ds1-4 GNU C Library: Shared libraries
ii libcupsimage2 1.2.2-2 Common UNIX Printing System(tm) -
ii libcupsys2 1.2.2-2 Common UNIX Printing System(tm) -
ii libdbus-1-2 0.62-4 simple interprocess messaging syst
ii libgnutls13 1.4.2-1 the GNU TLS library - runtime libr
ii libldap2 2.1.30-13+b1 OpenLDAP libraries
ii libpam0g 0.79-3.2 Pluggable Authentication Modules l
ii libpaper1 1.1.20 Library for handling paper charact
ii libslp1 1.2.1-5 OpenSLP libraries
ii lsb-base 3.1-15 Linux Standard Base 3.1 init scrip
ii patch 2.5.9-4 Apply a diff file to an original
ii perl-modules 5.8.8-6.1 Core Perl modules
ii procps 1:3.2.7-2 /proc file system utilities
ii xpdf-utils [poppler-util 3.01-9 Portable Document Format (PDF) sui
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages cupsys recommends:
ii cupsys-client 1.2.2-2 Common UNIX Printing System(tm) -
ii foomatic-filters 3.0.2-20060712-3 linuxprinting.org printer support
ii smbclient 3.0.23c-1 a LanManager-like simple client fo
-- debconf information:
* cupsys/raw-print: true
* cupsys/ports: 631
* cupsys/backend: ipp, lpd, parallel, socket, usb
cupsys/portserror:
* cupsys/browse: true
--- End Message ---
--- Begin Message ---
- To: 386325-done@bugs.debian.org
- Subject: Re: [Pkg-cups-devel] Bug#386325: cupsys: lpd backend not setuid
- From: Kenshi Muto <kmuto@debian.org>
- Date: Sun, 10 Dec 2006 00:29:09 +0900
- Message-id: <20061209152909.6718C1A7DDC@mail.topstudio.co.jp>
- In-reply-to: <20060906191221.14040.95264.reportbug@roadrunner.cs.arizona.edu>
- References: <20060906191221.14040.95264.reportbug@roadrunner.cs.arizona.edu>
Version: 1.2.4-2
thanks
At Wed, 06 Sep 2006 12:12:21 -0700,
John H. Hartman wrote:
> /usr/lib/cups/backend-available/lpd must be setuid root for it to be
> able to create a reserved port to connect to the server, as some servers
> require. The setuid bit is not set during installation causing the
> backend to fail with a cryptic error message.
Since 1.2.4-2, lpd backend has a permission 0700 root:root.
When CUPS scheduler can't run backend as unprivilege user,
scheduler will launch backend as root. So lpd backend
in current version will be running as root.
Although it seems bit strange way, this is the design of
upstream (well, setuid-root seems more dangerous).
Thanks,
--
Kenshi Muto
kmuto@debian.org
--- End Message ---
Reply to: