Bug#344872: cups-pdf creates 0 bytes pdf file.

2005-12-27 Thread Volker Christian Behr
An NFS mount is a possibility, though that should not prevent logging
(unless /var is also an NFS mount).
Is perhaps the RunAsUser option set to yes in CUPS? Then CUPS would not
run as root and therefore would fail for all CUPS-PDF operations unless
initiated by root.
If the initialization of CUPS-PDF already fails, there could be a hint in
the error log of CUPS itself.

Martin-Éric Racine said:
> Tue, 2005-12-27 at 15:51 -0300, Andres Junge wrote:
>>
>> Martin-Éric Racine wrote:
>> > Tue, 2005-12-27 at 02:53 -0300, Andres Junge wrote:
>> >
>> >>Cups creates 0 byte pdf file as normal user. As root works ok.
>> >
>> > Please check /var/log/cups/cups-pdf_log and paste a copy of what it
>> > reports to [EMAIL PROTECTED] Thanks.
>>
>> Nothing. /var/log/cups/cups-pdf_log is an empty file (0 byte file).
>
> If CUPS-PDF had problems creating the file, it would have logged
> something about it automatically.
>
> Do you have an unusual situation involving e.g. home directories mounted
> via NFS that could perhaps have the wrong mounting options?
>
> --
> Martin-Éric Racine
> http://q-funk.iki.fi
>


-- 

Volker Christian Behr
Experimentelle Physik V (Biophysik), Physikalisches Institut
Universitaet Wuerzburg, Am Hubland, 97074 Wuerzburg, Germany

Office: Room F-069a
+49-931-888-5766 (phone)
+49-931-888-5851 (fax)
Bug#409356: cups-pdf: allows unprivileged user to read parts of any file

2007-02-02 Thread Volker Christian Behr
I am the CUPS-PDF developer. Though I am not using Debian, I am quite
confused by this behaviour: CUPS-PDF is supposed to be mode 700 on
CUPS > v1.2.x environments (so unprivileged users should not even be able
to execute it). Furthermore, CUPS-PDF is explicitly not meant to be
installed SUID 'root' (neither is ghostscript) - so how can those two
programs access /etc/shadow at all?
Please check the permissions of the CUPS-PDF backend and GS - neither
should be SUID 'root' under any circumstances. CUPS-PDF should even more
be mode 700, executable by 'root' only. If this is not the case in the
default installation, it has to be fixed in the Debian package.

On Fri, 2007-02-02 at 11:31 +0100, Grzegorz Żur wrote:
> Package: cups-pdf
> Version: 2.4.2-1
> Severity: critical
> Justification: root security hole
> Tags: security
> 
> Unprivileged user can execute /usr/lib/cups/backend/cups-pdf to read
> parts of any file. End of file is printed by Ghostscript in error report.
> 
> Execution of this command as unprivileged user
>   /usr/lib/cups/backend/cups-pdf shadow user title 1 '' /etc/shadow
> will result in Ghostscript error showing last line of /etc/shadow file
> (possibly containing password hash)
>   ERROR: /undefined in saned:!:13511:0:9:7:::
>   ...
> 
> -- System Information:
> Debian Release: 4.0
>   APT prefers unstable
>   APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
> 'experimental')
> Architecture: i386 (i686)
> Shell:  /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.18-albemuth
> Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
> 
> Versions of packages cups-pdf depends on:
> ii  cupsys   1.2.7-3            Common UNIX Printing System(tm) -
> ii  gs-esp   8.15.3.dfsg.1-1    The Ghostscript PostScript interpr
> ii  libc6    2.3.6.ds1-10       GNU C Library: Shared libraries
> 
> cups-pdf recommends no packages.
> 
> -- no debconf information
> 
-- 

Volker Christian Behr
Experimentelle Physik V (Biophysik), Physikalisches Institut
Universitaet Wuerzburg, Am Hubland, 97074 Wuerzburg, Germany

Office: Room F-069a
+49-931-888-5766 (phone)
+49-931-888-5851 (fax)
Bug#409356: cups-pdf: allows unprivileged user to read parts of any file

2007-02-02 Thread Volker Christian Behr
On Fri, 2007-02-02 at 13:49 +0200, Martin-Éric Racine wrote:
> On 2/2/07, Volker Christian Behr <[EMAIL PROTECTED]> wrote:
> > Please check the permissions of the CUPS-PDF backend and GS - neither
> > should be SUID 'root' under any circumstances. CUPS-PDF should even more
> > be mode 700 executable by 'root' only. If this is not the case in the
> > default installation it has to be fixed in the Debian package.
> 
> Permissions were made 6755 to enable outputting documents to someone's
> home directory (or a subdirectory). Unless I'm mistaken, 0700 would
> not enable the same thing?

Starting with version 1.2.0, CUPS will call any backend that is owned by
'root' and set to mode 0700 with full root privileges, which should
enable CUPS-PDF to print to any destination.
I know Ubuntu to have modified CUPS (e.g. the web-admin interface is
disabled) but I cannot tell what other changes they did.
I strongly recommend making CUPS-PDF mode 0700 again since this is
to-the-letter within the specifications of CUPS.

-- 

Volker Christian Behr
Experimentelle Physik V (Biophysik), Physikalisches Institut
Universitaet Wuerzburg, Am Hubland, 97074 Wuerzburg, Germany

Office: Room F-069a
+49-931-888-5766 (phone)
+49-931-888-5851 (fax)
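The rule stated in the thread, that CUPS 1.2 and later runs a backend with root privileges only when it is owned by root and set to mode 0700, and that a 6755 (setuid root) backend instead hands those privileges to any local user who can execute it, lends itself to a permission audit. The script below is an added example, not code from the cups-pdf project or from any participant in this bug report. It assumes GNU coreutils `stat` (Linux) and takes the backend directory and the expected owner as parameters, so that it can be exercised on a scratch directory without root; on a real system the defaults (/usr/lib/cups/backend, owner root) apply.

```shell
#!/bin/sh
# Added example: audit CUPS backend permissions against the rule described in
# the thread (owner root, mode 0700, never setuid/setgid). Not part of cups-pdf.
# Assumes GNU `stat -c` (Linux coreutils).

# audit_cups_backends [DIR] [OWNER]
#   Prints one line per backend that is setuid/setgid, group- or
#   world-accessible, or not owned by OWNER (default root).
#   Returns 0 when every backend passes, 1 otherwise.
audit_cups_backends() {
    audit_dir="${1:-/usr/lib/cups/backend}"
    audit_owner="${2:-root}"
    audit_rc=0
    for f in "$audit_dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")       # e.g. 700 or 6755
        owner=$(stat -c '%U' "$f")
        bits=$(( 0$mode ))               # leading 0 forces octal
        if [ $(( bits & 06000 )) -ne 0 ]; then
            echo "SETUID/SETGID: $f (mode $mode)"
            audit_rc=1
        fi
        if [ $(( bits & 0077 )) -ne 0 ]; then
            echo "GROUP/OTHER ACCESS: $f (mode $mode)"
            audit_rc=1
        fi
        if [ "$owner" != "$audit_owner" ]; then
            echo "WRONG OWNER: $f (owner $owner, expected $audit_owner)"
            audit_rc=1
        fi
    done
    return "$audit_rc"
}

# fix_cups_backend FILE
#   Restore the mode CUPS expects for a root-run backend (0700). On a real
#   system this must be run as root on a file already owned by root.
fix_cups_backend() {
    chmod 0700 "$1"
}

# demo: build a scratch "backend" directory with two constructed entries
# (one correct, one mimicking the 6755 packaging mistake) and audit it,
# using the current user as the expected owner so no root is needed.
demo() {
    scratch=$(mktemp -d)
    : > "$scratch/cups-pdf-ok";  chmod 0700 "$scratch/cups-pdf-ok"
    : > "$scratch/cups-pdf-bad"; chmod 6755 "$scratch/cups-pdf-bad"
    if audit_cups_backends "$scratch" "$(id -un)"; then
        echo "all backends OK"
    else
        echo "audit found problems (exit status 1)"
    fi
    fix_cups_backend "$scratch/cups-pdf-bad"
    if audit_cups_backends "$scratch" "$(id -un)"; then
        echo "after chmod 0700: all backends OK"
    fi
    rm -rf "$scratch"
}

demo
```

The audit reports every deviation rather than stopping at the first, so a single run over a packaged system shows whether a backend was shipped setuid, made group- or world-executable, or left owned by a non-root account; any of these takes it outside the "root-owned, 0700" case in which CUPS supplies root privileges itself.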