[Openicc] Introduction / Gutenprint]
Craig Bradney
cbradney at zip.com.au
Wed Apr 13 04:26:55 EST 2005
On Tuesday 12 April 2005 16:03, Michael Sweet wrote:
> Gerhard Fuernkranz wrote:
> >>Mike's whole point is
> >>that he *cannot*, for security reasons, allow access to *any*
> >>user-defined path. With this architecture, that's the right decision.
> >
> > But if we refuse to trust any file supplied by the user, why
> > do we trust the document being printed? It also needs to
> > be supplied by the user. Why is a user-supplied profile more
> > insecure than a user-supplied PostScript file (which the user
> > wants to print)?
>
> I did not say that.
>
> Assume for a moment that you have files which you do not want other
> users to see/use. Allowing the filter to read any file on the system
> could lead to disclosure of the information in that file (e.g.
> "error, bad ICC header 'root:rootpassword:...'" :)
>
> FWIW, we do not trust print files, that is why we run the filters
> as an unprivileged user instead of root... :)

And the case where there's only one user on a computer using ICC and the others
not, and that person doesn't have rights to put files in a system dir? Surely
a profile can be loaded from anywhere. Are there passwords in profiles in any
case?
Craig
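
The disclosure path described in the quoted reply (a filter that reads any user-named path and echoes what it found in an error message) and one way to close it, as an added example that is not part of this thread and is not CUPS or Gutenprint code. The profile directory, `load_profile`, `ProfileError` and the sample files are assumptions constructed for the illustration.

```python
import os
import tempfile

ICC_SIGNATURE = b"acsp"   # ICC profile file signature, header bytes 36..39
ICC_HEADER_LEN = 128      # fixed size of the ICC header
class ProfileError(Exception):
    """Error text that is safe to return to the submitting user."""

def load_profile(requested, profile_dir):
    """Return the profile bytes only if `requested` resolves inside profile_dir."""
    base = os.path.realpath(profile_dir)
    # realpath collapses ".." and follows symlinks, so the check sees the real target.
    path = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, path]) != base:
        raise ProfileError("profile is outside the profile directory")
    try:
        with open(path, "rb") as f:
            data = f.read()
    except OSError:
        raise ProfileError("profile cannot be read") from None
    if len(data) < ICC_HEADER_LEN or data[36:40] != ICC_SIGNATURE:
        # Report the failure without echoing any bytes of the file.
        raise ProfileError("not a valid ICC profile")
    return data

def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Run the loader over constructed files in a temporary directory."""
    secret_text = b"root:rootpassword:..."   # constructed stand-in for a private file
    results = {}
    with tempfile.TemporaryDirectory() as root:
        profiles = os.path.join(root, "profiles")
        os.mkdir(profiles)
        secret = os.path.join(root, "secret.txt")
        _write(secret, secret_text)
        _write(os.path.join(profiles, "ok.icc"), bytes(36) + ICC_SIGNATURE + bytes(88))
        _write(os.path.join(profiles, "bad.icc"), secret_text)
        os.symlink(secret, os.path.join(profiles, "link.icc"))
        cases = {"valid": "ok.icc", "dotdot": "../secret.txt", "absolute": secret,
                 "symlink": "link.icc", "non-icc": "bad.icc"}
        for label, name in cases.items():
            try:
                results[label] = len(load_profile(name, profiles))
            except ProfileError as e:
                results[label] = str(e)
    return results
```

With this containment check, a user who cannot write to the profile directory cannot supply a profile at all, which is the case the reply above raises.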