[cups.general] privilege separation, what is it, and does cupsd use it?

Michael Sweet mike at easysw.com
Mon Jul 31 12:10:17 PDT 2006


wtautz wrote:
> ...
> Do you think most of the problems you face in loss of functionality
> when running cupsd as a non root user can be overcome in the
> long run? I guess there are a lot of issues since you have to worry
> about many different platforms :-)

Unfortunately, most of the functionality issues *cannot* be overcome
in a general way because of how UNIX security works.  Linux offers
some interesting possibilities via the kernel security module stuff
that could allow a non-root cupsd to do root tasks, but those same
modules can just as easily cage a root cupsd to provide the same
level of security *without* changing cupsd.

Providing authentication against UNIX or Kerberos accounts requires
root privileges on most platforms, and binding to a privileged port
(631) requires root privileges on all platforms.  There are other
things like the root authentication certificate, proxy (cached)
authentication for jobs, and config/log file ownership that need
root (or root-like) permissions to implement, and of course some
backends need to run as root, too.

If we have a "supervisor" process that runs as root (a la Apache,
Samba, and sshd), we can provide support for live configuration while
running the main cupsd as a non-root user, however that still
doesn't take care of the rest of the root user requirements.  If
we move all of the root stuff to the supervisor process, then we
still have the same security issues about processing of input *plus*
the additional layer of security needed for the IPC channel used
between the root and non-root cupsd processes...

In short, providing the level of functionality our users expect when
not running as root is not currently possible and may never be
possible or feasible.  However, we *can* add additional security
layers to cupsd to make it safer to run as root, and we are open to
suggestions for making cupsd more secure without sacrificing key
functionality.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products           mike at easysw dot com
Internet Printing and Document Software          http://www.easysw.com
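
Added example, not part of the original message and not CUPS code: a sketch of the supervisor/worker split the message describes, showing why the IPC channel is itself an input-processing surface that the privileged side must validate. The request format, opcodes and function names are hypothetical; the worker here does not actually change uid, so the example runs without root.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical request format sent by the unprivileged worker. */
enum { REQ_BIND_IPP = 1, REQ_RELOAD_CONF = 2 };
struct req { unsigned char op; unsigned short port; };

/* Supervisor side: the worker is untrusted, so every field is checked. */
static int supervisor_validate(const void *buf, ssize_t len) {
    struct req r;
    if (len != (ssize_t)sizeof r) return -1;   /* reject short or long frames */
    memcpy(&r, buf, sizeof r);
    switch (r.op) {
    case REQ_BIND_IPP:    return r.port == 631 ? 0 : -1;  /* IPP port only */
    case REQ_RELOAD_CONF: return r.port == 0 ? 0 : -1;
    default:              return -1;           /* unknown operation: deny */
    }
}

/* Fork a worker that sends one request; the parent plays the supervisor. */
static int roundtrip(const void *msg, size_t len) {
    int sv[2], verdict = -1;
    unsigned char buf[64];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -2;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -2; }
    if (pid == 0) {            /* worker: a real one would drop to non-root here */
        close(sv[0]);
        _exit(write(sv[1], msg, len) < 0);
    }
    close(sv[1]);
    ssize_t n = read(sv[0], buf, sizeof buf);  /* one datagram = one request */
    if (n > 0) verdict = supervisor_validate(buf, n);
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return verdict;
}

int main(void) {
    struct req ok = { REQ_BIND_IPP, 631 }, bad = { REQ_BIND_IPP, 22 };
    printf("bind 631: %d\n", roundtrip(&ok, sizeof ok));
    printf("bind 22:  %d\n", roundtrip(&bad, sizeof bad));
    return 0;
}
```

A return of 0 means the supervisor would act on the request; -1 means it was refused, and -2 means the channel could not be set up.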



