RunAsUser removed; reassurance wanted

Michael Sweet mike at easysw.com
Tue Jul 25 04:45:42 PDT 2006 

John A. Murdie wrote:
> The CUPS book says on page 95 "The default configuration of CUPS runs
> the CUPS server as the root user ... because the server is running as
> root it may be possible to exploit an undiscovered bug to gain root
> access. CUPS provides a RunAsUser directive to run the server as an
> unpriviledged [sic] user ..."
> 
> I see from item 58 in Article 370 "CUPS 1.2b1" (release notes) that
> RunAsUser has been removed, apparently on security grounds.
> 
> I've been unable to find a statement anywhere about where that leaves
> CUPS systems managers re. the possibility of a root exploit. Is it
> planned to return RunAsUser in a secure manner one day?

It is unlikely in the extreme that RunAsUser will ever come back.

First, CUPS, and in particular cupsd, has been audited dozens on times
now.  The last potential root exploit was found several years ago, and
given the processes and coding standards we now employ at ESP, I would
say that it is highly unlikely we will introduce any new security
holes in future releases (and we'll update things if this happens...)

Second, as we completed 1.2 it became obvious that RunAsUser wasn't
providing any added security at all - running as a single user
actually exposes a lot of additional security threats because the
scheduler and helper apps (filters, drivers, backends, etc.) are
running as the same user.

Third, you lose many capabilities such as live reconfiguration,
authentication support via PAM on most platforms, and automatic root
authentication via certficates.  In the future, the list will include
Kerberos authentication as well...

Finally, the Linux distribution that requested RunAsUser (SuSE) now
includes AppArmor (a Linux security module) which can do a much
better job of securing CUPS than RunAsUser.  Similarly, Red Hat is
using SELinux to provide added security for CUPS, and Solaris has
Zones.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products           mike at easysw dot com
Internet Printing and Publishing Software        http://www.easysw.com

More information about the cups mailing list