I should have mentionend that I had in mind to run the backend as setuid "lp" program so that normal users get sufficient permissions implicitely e.g. to do a device state query.
I thought that "run as lp" is sufficiently secure because "it is just what cupsd does by default" but unfortunately I missed that with a setuid "lp" binary there is a program available which can be executed by any user so that now any user might be able to do anything as user "lp" which is not sufficiently secure to have it by default :-( By the way: Just add all users to the "lp" group is also not sufficiently secure to be done by default, see https://bugzilla.novell.com/show_bug.cgi?id=349084#c9 -- needs a proper daemon or cupsys integration https://bugs.launchpad.net/bugs/149045 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
