[cups.general] Can't access spool folder
Helge Blischke
h.blischke at acm.org
Wed Jun 30 08:33:33 PDT 2010
Michael Sweet wrote:
> On Jun 29, 2010, at 11:32 PM, Daniel Stoeck wrote:
>> ...
>> "that the scheduler itself generates a fairly restrictive sandbox profile
>> for every filter/backend subprocess it forks."
>>
>> Information like this is pretty hard to find to be honest. Lucky to have
>> a mailing list like this. You guys are supporting very very well.
>
>
> Currently we have documentation on this in the Filter and Backend
> programming guide:
>
> http://www.cups.org/documentation.php/api-filter.html
>
> although we could probably be more specific about the restrictions.
> Currently you *should* be able to access both the job data (dNNNNNN-NNN)
> and control (cNNNNNN) files in the spool directory, but only for the
> current job for privacy/security reasons.
>
> The base profile is the same as the one in:
>
>
/System/Library/Frameworks/ApplicationServices.framework/Frameworks/PrintCore.framework/Resources/default.sb
>
> ________________________________________________________________________
> Michael Sweet, Senior Printing System Engineer, PWG Chair
According to the source code in scheduLER/process.c (cups 1.4.4), read
access to the spool directory is generally denied and, for the current job,
reading only the data file is allowed.
Shall I file a bug for this?
Helge
More information about the cups
mailing list