Hello, Am Freitag, 20. Juni 2014 schrieb Ludwig Nussel:
1xx wrote:
I want the "cups-pdf" to go into official repository.
CUPS-PDF is a PDF writer backend for CUPS. Official site: http://www.cups-pdf.de/
Uh, it runs as root and writes into directories owned by some user? Better ask security to take a look.
Does it at least write to a "hardcoded" location (for example ~/cupspdf) in the user's home directory? If yes, shipping it with an AppArmor profile would be a good idea. (If needed, I can help you to fine-tune the profile, however I'm too busy at the moment. I'll have more time in July - at least I hope so ;-) Even if the output directory is user-configurable, having an AppArmor profile could help to avoid access to security-critical files - but of course a restriction like "only allow write access in ~/cupspdf" is much more secure. Regards, Christian Boltz -- Linux - und dein PC macht nie wieder blau. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org