Re: Bug#262402: Severity of bug #259993

2004-08-01 Matt Zimmerman
On Sun, Aug 01, 2004 at 12:05:12PM +0200, J.H.M. Dassen (Ray) wrote:
> If cups-pdf invoked on behalf of a regular user is actually run with root
> privileges (I haven't checked), then -dSAFER only alleviates the security
> problems resulting from that situation, but it certainly doesn't end them,

Re: Bug#262402: Severity of bug #259993

2004-08-01 J.H.M. Dassen (Ray)
On Sun, Aug 01, 2004 at 11:13:44 +0300, Martin-Éric Racine wrote:
> On Sat, 31 Jul 2004, Matt Zimmerman wrote:
> > That is, an attacker could submit a print job containing PostScript
> > commands which, when interpreted by gs, would open files, etc. with the
> > privileges of cups-pdf (apparently,

Re: Bug#262402: Severity of bug #259993

2004-08-01 Martin-Éric Racine
On Sat, 31 Jul 2004, Matt Zimmerman wrote:
> > > > [Florian]
> > > > l.s 69, 409 and 416:
> > > > gs invoked this way allows any file operations
> > [Upstream]
> > True, but call is managed by the cups-pdf binary. I.e. as long as no bug
> > allows insertion of malicious code into the syste