From my point of view the real solution would be
https://bugzilla.novell.com/show_bug.cgi?id=752454
https://bugzilla.novell.com/show_bug.cgi?id=752454#c3
--- Comment #3 from Johannes Meixner 2012-03-15 15:26:08 UTC ---
Only FYI in particular for external readers:
The main security issue with item 4. (provide a PPD file
to set up a print queue) is that PPD files could contain a line like
*cupsFilter: "application/vnd.cups-postscript 0 /path/to/executable"
This way a user who is allowed to set up a print queue
(i.e. who must be allowed to provide a PPD file)
can provide a PPD file which runs commands as user "lp"
("lp" is used by CUPS to run filters to process print jobs).
Therefore for a non-root user who is allowed to provide a PPD file
a privilege escalation is possible.
Therefore the default policy cannot be that non-root users are
allowed to provide a PPD file and accordingly by default
only root can set up a print queue.
Of course root can change the default policy and allow
any user(s) he trusts to set up a print queue.
The crucial point is that privilege escalation
must not be possible by default out of the box.
Furthermore there is another way to set up the filtering
for a print queue - not via providing a PPD file but
instead by providing a "System V style interface script"
see "man lpadmin".
that root has an obvious and easy to use interface
to specify which normal user(s) are allowed to do what
in the system, e.g. something like this proposal:
https://features.opensuse.org/313287
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.