Date: Wed, 28 Mar 2018 18:27:17 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 227045] print/hplip: hp-setup allows non-root, non-group user to to write into read-only directory Message-ID: <bug-227045-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D227045 Bug ID: 227045 Summary: print/hplip: hp-setup allows non-root,non-group user to to write into read-only directory Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: woodsb02@freebsd.org Reporter: freebsd@dreamchaser.org Assignee: woodsb02@freebsd.org Flags: maintainer-feedback?(woodsb02@freebsd.org) hplip installs hp-setup to configure printers This involves generating a .ppd file and writing it to /usr/local/etc/cups/= ppd This can be done by a non-root user. The directory written: $ ls -dl /usr/local/etc/cups/ppd drwxr-xr-x 2 root cups 512 Mar 28 12:09 /usr/local/etc/cups/ppd The user involved: cupsadmin $ grep cupsadmin /etc/group wheel:*:0:root,cupsadmin operator:*:5:root,cupsadmin cups:*:193:cupsadmin Note that while user cupsadmin is a member of wheel, the directory written is only writeable by root; and while the user cupsadmin is also a member of cups, the directory is not writeable by group cups. The file written: $ ls -lt /usr/local/etc/cups/ppd/HP* -rw-r----- 1 root cups 31122 Mar 28 12:03 /usr/local/etc/cups/ppd/HP_Officejet_Pro_8500_A909g.ppd --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-227045-13>