[cups.general] Q. Proper way to startup cupsd as a non-root user as opposed to debian hacks?

Klaus Singvogel kssingvo at suse.de
Tue Jun 6 12:03:52 PDT 2006


Michael Sweet wrote:
[...]
> These are not problems that cause privilege escalation, which
> is what I was referring to...  None of the advisories you pointed
> out required running cupsd as root to exploit, and I would argue that
> "RunAsUser" was a bigger security issue than any of these!

I pointed out that the code is not solid rough, and this was shown
many times. Even if cups wasn't hit in the scheduler regarding
"RunAsUser" (at least since 2003-Dec-19, see below), cups still had
security issues in the scheduler in the past.

	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1383

If we use this knowledge and extrapolate this to the future (what an
impertinent idea :), then it will be better to RunAsUser, and not
having administrator privileges (if there will be other issues in
the scheduler).

> >	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0558
> 
> DoS attack - ALL network services are subject to this, and NONE are
> immune...

I strongly disagree. You mix two different forms of DoS and compare
them as being the same.

Whereas the first represents the fact that network services aren't
immune to DoS, if they are attacked by _many_ requests/hosts, the
latter is vulnerable by only a _single_ packet.

Regards,
	Klaus.
-- 
Klaus Singvogel
SUSE LINUX Products GmbH
Maxfeldstr. 5                     E-Mail: Klaus.Singvogel at SuSE.de
90409 Nuernberg                   Phone: +49 (0) 911 740530
Germany                           GnuPG-Key-ID: 1024R/5068792D  1994-06-27




