Bug#469853: cupsys: Logs in /var/log/cups are world-readable
Package: cupsys
Version: 1.2.7-4etch2
Severity: important

[note: I believe this bug should be of a higher severity, since it is a
security bug (information disclosure) but the guidelines for severity do
not make it clear which severity I should choose. Feel free to inflate
the severity if you think it's warranted].

[note 2: I have tested that this bug applies in the version of cupsys in
sid, but am not able to specify multiple version numbers; will follow up
with a message to control@]

Cups logs contain potentially sensitive information, which should not be
exposed to normal users. Please make the logs readable by the adm group
only [ref /usr/share/doc/base-passwd/users-and-groups.txt.gz].

Thanks,
Dominic.
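
A check for the condition reported above, as an added example that is not part of the original report or of the cupsys package: it lists log files that carry the world-read bit and strips access for "other", optionally handing group ownership to adm. The function names are hypothetical; /var/log/cups and the adm group are taken from the report.

```shell
#!/bin/sh
# Added example (not from the bug report): audit and tighten a log directory.
# Function names are hypothetical; the default path is the one in the report.

# Print every regular file under $1 whose mode includes the "other" read bit.
list_world_readable() {
    find "${1:-/var/log/cups}" -type f -perm -0004 -print | sort
}

# Number of world-readable log files, for use in monitoring checks.
count_world_readable() {
    list_world_readable "${1:-/var/log/cups}" | wc -l | tr -d ' '
}

# Remove all permissions for "other" on the log files under $1.
# If $2 is given (for example adm), also set it as the group owner;
# changing the group normally requires root.
restrict_logs() {
    dir=${1:-/var/log/cups}
    group=${2:-}
    find "$dir" -type f -exec chmod o-rwx {} +
    if [ -n "$group" ]; then
        find "$dir" -type f -exec chgrp "$group" {} +
    fi
}
```

Files created later by the daemon or by log rotation get whatever mode those components apply, so rerun the audit after a rotation to confirm the restriction holds.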