https://bugzilla.novell.com/show_bug.cgi?id=752454
https://bugzilla.novell.com/show_bug.cgi?id=752454#c3

--- Comment #3 from Johannes Meixner <jsmeix@suse.com> 2012-03-15 15:26:08 UTC ---

Only FYI in particular for external readers:

The main security issue with item 4. (provide a PPD file to set up a print queue) is that PPD files could contain a line like

  *cupsFilter: "application/vnd.cups-postscript 0 /path/to/executable"

This way a user who is allowed to set up a print queue (i.e. who must be allowed to provide a PPD file) can provide a PPD file which runs commands as user "lp" ("lp" is used by CUPS to run filters to process print jobs).

Therefore for a non-root user who is allowed to provide a PPD file a privilege escalation is possible.

Therefore the default policy cannot be that non-root users are allowed to provide a PPD file and accordingly by default only root can set up a print queue.

Of course root can change the default policy and allow any user(s) he trusts to set up a print queue. The crucial point is that privilege escalation must not be possible by default out of the box.

Furthermore there is another way to set up the filtering for a print queue - not via providing a PPD file but instead by providing a "System V style interface script", see "man lpadmin".

From my point of view the real solution would be that root has an obvious and easy to use interface to specify which normal user(s) are allowed to do what in the system, e.g. something like this proposal:
https://features.opensuse.org/313287
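As an added illustration that is not part of the original comment or of CUPS itself, the following sketch audits a PPD file before it is accepted for queue setup and reports every filter line whose program is an absolute path or is not on an administrator-maintained allowlist. The allowlist contents, the function name `audit_ppd` and the sample PPD are assumptions constructed for this example.

```python
import re

# Constructed sample allowlist of filter names the administrator trusts
# (assumption: relative names resolve inside the CUPS filter directory).
ALLOWED_FILTERS = {"pstops", "pdftops", "rastertohp", "-"}

# *cupsFilter / *cupsPreFilter: "type cost program"
# *cupsFilter2:                 "source-type dest-type cost program"
FILTER_RE = re.compile(r'^\*(cupsFilter2|cupsFilter|cupsPreFilter):\s*"([^"]*)"')

def audit_ppd(text, allowed=ALLOWED_FILTERS):
    """Return (line number, keyword, program, reason) for each suspicious filter line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = FILTER_RE.match(line.strip())
        if not m:
            continue
        keyword, value = m.groups()
        nfields = 4 if keyword == "cupsFilter2" else 3
        fields = value.split(None, nfields - 1)
        if len(fields) != nfields:
            findings.append((lineno, keyword, value, "malformed"))
            continue
        program = fields[-1]
        if program.startswith("/"):
            # The case from the comment: an arbitrary executable run as "lp".
            findings.append((lineno, keyword, program, "absolute path"))
        elif "/" in program or program not in allowed:
            findings.append((lineno, keyword, program, "not in allowlist"))
    return findings

# Constructed sample PPD fragment; line 3 is the line quoted in the comment.
SAMPLE_PPD = """\
*PPD-Adobe: "4.3"
*ModelName: "Constructed Sample Printer"
*cupsFilter: "application/vnd.cups-postscript 0 /path/to/executable"
*cupsFilter: "application/vnd.cups-raster 50 rastertohp"
*cupsFilter2: "application/pdf application/vnd.cups-postscript 0 customfilter"
"""

if __name__ == "__main__":
    for finding in audit_ppd(SAMPLE_PPD):
        print("line %d: %s -> %s (%s)" % finding)
```

A check like this covers only the PPD route; the "System V style interface script" route mentioned in the comment hands over a whole script and needs its own policy decision.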