Control: severity -1 minor
Good evening Christian, hi again everyone!
(some AppArmor stuff first, then a question for the CUPS folks)
Christian Boltz:
> My guess is that John meant something like that:
> /etc/cups/** Cx -> trap,
> profile trap {
> # intentionally left empty
> }
Ah, got
Hello,
On Sunday, 27 January 2019, 15:01:40 CET, intrigeri wrote:
> John Johansen:
> > Policy can be adjusted to include trap profiles that will attach
> > to binaries executed out of these directories. The trap profile
> > can grant limited to no permissions.
> > [...]
> > short term: confine u
Hi John & others,
John Johansen:
> Policy can be adjusted to include trap profiles that will attach
> to binaries executed out of these directories. The trap profile
> can grant limited to no permissions.
> [...]
> short term: confine users & a trap profile(s) on the /etc/cups dir
I was not able
On 12/16/18 6:05 AM, intrigeri wrote:
> Hi,
>
> (+ AppArmor upstream mailing list as I don't feel sufficiently
> knowledgeable to provide authoritative answers or guidance)
>
> Didier 'OdyX' Raboud:
>> On Thursday, 22 November 2018, 19.05:19 h CET, deb...@dbwats.plus.com wrote:
>>> The AppArmor pr
Hi,
(+ AppArmor upstream mailing list as I don't feel sufficiently
knowledgeable to provide authoritative answers or guidance)
Didier 'OdyX' Raboud:
> On Thursday, 22 November 2018, 19.05:19 h CET, deb...@dbwats.plus.com wrote:
>> The AppArmor profile supplied with cupsd isn't much use against loc
Control: tags -1 +confirmed +help
On Thursday, 22 November 2018, 19.05:19 h CET, deb...@dbwats.plus.com wrote:
> The AppArmor profile supplied with cupsd isn't much use against local
> attackers, as it allows cupsd to create setuid binaries at paths it
> can write to (e.g. under /etc/cups). Since
Package: cups-daemon
Version: 2.3~b5-2
Severity: normal
Dear Maintainer,
The AppArmor profile supplied with cupsd isn't much use against local
attackers, as it allows cupsd to create setuid binaries at paths it
can write to (e.g. under /etc/cups). Since cupsd is run as root by
default, these bin