[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#702227: Permission of the backend too strict for a backend chain (beh, jasmine)



> As far as I can tell, all chained configurations that go through cups are 
> working correctly, so that's definitely a minor issue for standard use cases.

Ok for 'jasmine', but 'beh' is a rather ''standard'' backend, that i
use extensively for some ''broken'' printers or print servers... very
useful if you don't want to be called on saturday morning at home...


> @Till: do you have an opinion on this bug ? I tend to think that as the 
> default chaining through cups works, it's not worth fixing, but I'd welcome 
> your input there.

I've a question: why (for example...) the 'ipp' backend have
permission:

	gaio@eraldo:~$ ls -la /usr/lib/cups/backend/ipp
	-rwxr--r-- 3 root root 43328 15 gen 04.08 /usr/lib/cups/backend/ipp

744 root.root? It really brake the CUPS security model to have it
root.lp, 754 (or 750)?

Probably i don't know CUPS (and indeed it is true ;), but i don't
understood why the 'lp' group have to not execute the backend... while
for example the 'socket' backend:

	gaio@eraldo:~$ ls -la /usr/lib/cups/backend/socket 
	-r-xr-xr-x 2 root root 29988 15 gen 04.08 /usr/lib/cups/backend/socket

it is even executable by everyone?


I restate: i'm an ignorant, but seems to me that simply backend
permission is a mess... ;-)))


Thanks.


Reply to: