[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#940578: printer-driver-cups-pdf: cups pdf printer cannot create pdf file

Control: reassign -1 cups-daemon

Hi,

Martin-Éric Racine:
> ke 18. syysk. 2019 klo 12.11 intrigeri (intrigeri@debian.org) kirjoitti:
>> Thinking about it a bit more, I'm wondering if a less drastic approach
>> would be acceptable:
>>
>> D. Allow cups-pdf to write anywhere under /home/*
>>
>>    This still (somewhat) protects users against security issues in
>>    cups-pdf. This gets rid of AppArmor denials, as long as the user
>>    does not customize the "Out" setting to make it point to some place
>>    that's elsewhere than under ${HOME}.

> This was considered a number of times at Ubuntu, back when it adopted
> AppArmor.  While allowing anything under ${HOME} makes perfect sense
> to me (and would be a good enough compromise between security and
> configurability), there's always random people who configure an
> unusual output path e.g. /tmp/${USER} or somehow prefer upstream's
> default at /var/spool/cups-pdf/${USER}, and who immediately file a bug
> report when that doesn't work instead of checking README.Debian for
> possible instructions regarding AppArmor.

Right, I can totally see this happen. Like in many other places, here
we need to draw the line somewhere between providing better UX for
rare corner cases, and improving Debian's security for the vast
majority of our users. It's sometimes tough.

Wrt. the upstream default path: note that the AppArmor profile already
allows writing there, so this should not be a problem :)

> There's also systems where ${HOME} is, for some reason, a path other
> than /home/${USER}.

Absolutely. And then they'll have AppArmor issues for most desktop
apps that come with an AppArmor profile, until someone points them to
/etc/apparmor.d/tunables/home* (as I just did on a similar bug report
earlier today). Chances are that they notice the problem elsewhere,
and fix it somehow, before cups-pdf is involved, so at least this is
unlikely to land on *your* plate.

> At the very least, allowing anything inside /home/${USER} would
> probably eliminate the vast majority of bug reports. Let's try it.

Deal! Thanks for working constructively with me on this.
I'm thus reassigning to cups-daemon, where the file that needs
patching lives. I'll try my best to submit a patch or MR
by the end of the month. And then I'll let the printing team
decide if that's worth backporting to Buster via a stable update.

Cheers,
-- 
intrigeri
Reply to: