[cups.bugs] incorrect permissions on dnssd and lpd

[Michael R Sweet]

These backends must run as root in order to do certain things - get a privileged port (lpd), support Kerberos (IPP), and run either one of those (dnssd). Cupsd only runs backends as root when they do not have world and group read/execute permissions. And users do not run backends directly, cupsd does so on their behalf.

So everything is as is should be...

Sent from my iPhone

On Apr 11, 2012, at 11:01 PM, Michael Johnson - MJ <mj at revmj.com> wrote:

> The permissions on the dnssd and lpd backends appear to be incorrect.  They are set to 700.  However, this prevents things from working properly.  From what I can tell non-root users should be able to access these binaries to make basic printer discovery and printing work.  The permissions should really be 755.
> 
> I suspect some might thing that having them be 700 is for security, but that argument seems invalid for the following reasons:
> 
> 1. They work fine as a non-root user if the permissions are set to 755.
> 2. This is opensource software, and thus there is nothing contained in these binaries that is sensitive.
> 
> Beyond that, even if there is some "security" reason behind this, these permissions do not provide any real protection.  I can simply compile cups as my own users and now I have a copy of the binary this is executable by my non-root user.
> 
> I am posting this to the forum on the off chance I am missing something, but I don't think I am.  I will file a bug report in a few days if nobody can come up with a better reason for why these binaries should not be executable by non-root users.
> 
> Thanks!
> _______________________________________________
> cups-bugs mailing list
> cups-bugs at easysw.com
> http://lists.easysw.com/mailman/listinfo/cups-bugs