Am Freitag, 20. Juni 2014 schrieb Ludwig Nussel:
I want the "cups-pdf" to go into official repository.
CUPS-PDF is a PDF writer backend for CUPS. Official site: http://www.cups-pdf.de/
Uh, it runs as root and writes into directories owned by some user? Better ask security to take a look.
Does it at least write to a "hardcoded" location (for example ~/cupspdf) in the user's home directory?
If yes, shipping it with an AppArmor profile would be a good idea. (If needed, I can help you to fine-tune the profile, however I'm too busy at the moment. I'll have more time in July - at least I hope so ;-)
Even if the output directory is user-configurable, having an AppArmor profile could help to avoid access to security-critical files - but of course a restriction like "only allow write access in ~/cupspdf" is much more secure.