Volker Christian Behr wrote: > I am the CUPS-PDF developer. Though I am not using Debian I am quite > confused by this behaviour: CUPS-PDF is supposed to be mode 700 on CUPS >> v1.2.x environments (so unprivileged users should not even be able to > execute it). Furthermore CUPS-PDF is explicitely not meant to be > installed SUID 'root' (neither is ghostscript) - so how can those two > programs access /etc/shadow at all? > Please check the permissions of the CUPS-PDF backend and GS - neither > should be SUID 'root' under any circumstances. CUPS-PDF should even more > be mode 700 executable by 'root' only. If this is not the case in the > default installation it has to be fixed in the Debian package. >
You are right! It's only on Debian (and derivatives?) and that's why I report it as Debian's bug, not directly to you. The problem is in debian/postinst script. It executes: chmod 6755 /usr/lib/cups/backend/cups-pdf -- Grzegorz Zur -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]