On dim., 2012-11-11 at 17:53 +0100, Didier 'OdyX' Raboud wrote: > Hi Michael, > > Le dimanche, 11 novembre 2012 14.57:05, Michael Sweet a écrit : > > Lest we forget why we run cupsd as root, here are a few reasons: > > (…) > > Thanks for the explanation. > > > As for a proposed fix, I'm thinking we will disable the log file, > > RequestRoot, ServerRoot, and DocumentRoot directives in cupsd.conf, and > > add command line arguments in their place. That will retain > > configurability while eliminating this particular attack vector. > > > > Thoughts? > > I don't quite like the "command-line arguments" solution, as it will probably > lead to more machinery on our side (variable setting in /etc/default/cups , > sourcing it from /etc/init.d/cups, etc). > > What about separating the configuration settings in two configuration files, > one modifiable from the webinterface, and one only modifiable by root ? The > first would contain the non-sensitive configuration settings, the latter > would > contain the paths, file definitions, etc. I would tend to prefer to keep > configuration settings in configuration files. (But of course we'll cope with > the upstream choice. :-) ) >
Any news on this? -- Yves-Alexis Perez Debian Security
signature.asc
Description: This is a digitally signed message part