Control: tags -1 +wontfix Le lundi, 13 novembre 2017, 15.34:25 h CET Alban Browaeys a écrit : > per the man page root should be in cups-files.conf SystemGroup. > JobPrivateAccess requires @SYSTEM or @OWNER but root in not in any of > those. Thus root cannot job-edit (cancel jobs) > This forbid cups-pk-helper from cancelling jobs as it run as root. > > A workaround is adding "root" to "SystemGroup" (which includes > only lpadmin on debian).
This was discussed last year: https://lists.debian.org/debian-printing/2016/11/msg00045.html > In other words, letting cups-pk-helper run as 'root' (but accept commands > from any allowed users) leads to a user-to-lpadmin privilege escalation. At > least, it defers access control away from CUPS to cups-pk-helper. See also https://bugs.debian.org/698504 https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/934291 The point is that we don't want to let anyone with access to cups-pk-helper delete jobs through it as that defeats the security mechanism put in place by CUPS. The solution is to get cups-pk-helper run as root but use the requesting user when using the CUPS API (so that it respects the "system group" restrictions of CUPS). In other words, I think this is a bug in how cups-pk-helper runs in Debian. Cheers, OdyX
signature.asc
Description: This is a digitally signed message part.