[apparmor] Bug#914370: cups-daemon: AppArmor profile allows cupsd to create setuid binaries under /etc
intrigeri
intrigeri at debian.org
Sun Jan 27 20:37:37 UTC 2019
Control: severity -1 minor
Good evening Christian, hi again everyone!
(some AppArmor stuff first, then a question for the CUPS folks)
Christian Boltz:
> My guess is that John meant something like that:
> /etc/cups/** Cx -> trap,
> profile trap {
>     # intentionally left empty
> }
Ah, got it now, thanks!
If this can somehow be combined with the rule we already have:
/etc/cups/** rw
… then I think this would be a suitable short-term workaround.
Jamie, IIRC you're one of the people regularly working on this
profile, how does this sound?
Finally, I would like to question the need for cupsd to have write
access to a world-readable directory, which is, as I understand it,
the root cause of the problem (once you assume it has to run as root
in the first place). I guess cupsd needs write access because it saves
config files there when one uses the web interface, and then by Debian
convention /etc/cups is world-readable. But perhaps one of these could
change, e.g. does /etc/cups really have to be world-readable?
Cheers,
--
intrigeri
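For readers following along, here is how the quoted suggestion and the existing rw rule would fit together inside cupsd's profile. This is an added sketch, not text from the bug report, the Debian profile or the CUPS project; the attachment path /usr/sbin/cupsd and the child profile name trap are assumptions, and every other rule a real profile carries is omitted.

```apparmor
# Added sketch (not the shipped Debian profile): only the rules relevant to
# the workaround are shown. Attachment path and child profile name are assumed.
#include <tunables/global>

/usr/sbin/cupsd {
  #include <abstractions/base>

  # Existing rule: cupsd rewrites its own configuration files, e.g. when
  # settings are changed through the web interface.
  /etc/cups/** rw,

  # Workaround: executing anything under /etc/cups transitions into the empty
  # child profile below, so a setuid binary created there runs fully confined
  # and can neither read, write nor connect to anything.
  /etc/cups/** Cx -> trap,

  # Child profile must be nested inside the parent for Cx -> trap to resolve.
  profile trap {
    # intentionally left empty
  }
}
```

The syntax can be checked without loading the result into the kernel with `apparmor_parser -Q /etc/apparmor.d/usr.sbin.cupsd`.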