[Openicc] Introduction / Gutenprint]

Kai-Uwe Behrmann ku.b at gmx.de
Wed Apr 13 16:56:00 EST 2005


Some time ago we had reached agreement on this list to use 
/usr/share/color/icc and ~/.color/icc as default paths for profiles.
See additionally
<http://bugs.freestandards.org/show_bug.cgi?id=77>

regards
Kai-Uwe Behrmann
                                + development for color management 
                                + imaging / panoramas
                                + email: ku.b at gmx.de
                                + http://www.behrmann.name


On 12.04.05, 22:00 +0200, Craig Bradney wrote:

> On Tuesday 12 April 2005 21:49, Michael Sweet wrote:
> > Craig Bradney wrote:
> > > ...
> > > And the case where there's only one user on a computer using ICC and
> > > the others not, and that person doesn't have rights to put files in a
> > > system dir? Surely a profile can be loaded from anywhere. Are there
> > > passwords in profiles in any case?
> >
> > No, but it is far easier to force files to be relative to a
> > controlled directory than to filter out the paths and permissions
> > allowed for a specific, possibly non-local user.  Both the System V
> > lp and Berkeley lpr print spoolers have a long history of security
> > problems caused by direct access/references to files.
> >
> > The issue isn't "are there passwords in profiles", it is "can I
> > provide a filename to CUPS which will cause it to emit an error
> > message that discloses some information that is in the file", or
> > "can I provide a filename that will cause a buffer overflow in
> > the ICC parser and execute arbitrary code"....
> >
> > In short, if you want to share your personal profiles, you need
> > to run a command to do it (or have some nice GUI do it for you) -
> > we won't configure CUPS to be insecure by default.
> 
> Ok.. continuing playing devil's advocate here..
> 
> and in the case where the printer isn't run via CUPS? Shouldn't we be moving 
> towards a general system (and user) location (/etc/icc and ~/.icc perhaps) 
> rather than locating in a particular application's or server's install dirs?
> 
> Craig

With kind regards
Kai-Uwe Behrmann
                                + programming for
                                + color management / images / panoramas
                                + http://www.behrmann.name
                                + email: ku.b at gmx.de
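
The approach argued for in the quoted reply, resolving a profile name relative to a controlled directory instead of filtering arbitrary paths, as an added C example that is not part of the original message and is not CUPS code. The helper name `open_profile`, the 255-byte name limit and the dot-file rule are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not a CUPS API): open profile `name` inside the
 * controlled directory `base_dir`. Returns a read-only fd, or -1. */
int open_profile(const char *base_dir, const char *name)
{
    /* Bare file names only: no separators, no dot-files, no "..". */
    if (name == NULL || name[0] == '\0' || name[0] == '.' ||
        strchr(name, '/') != NULL || strlen(name) > 255) {
        errno = EINVAL;
        return -1;
    }
    int dirfd = open(base_dir, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0)
        return -1;
    /* Resolve relative to the directory fd. O_NOFOLLOW refuses a symlink
     * stored under the profile name; O_NONBLOCK avoids blocking on a FIFO. */
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    int saved = errno;
    close(dirfd);
    if (fd < 0) {
        errno = saved;
        return -1;
    }
    /* Hand only regular files to the ICC parser. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 3)  /* usage: prog <controlled-dir> <profile-name> */
        return 2;
    int fd = open_profile(argv[1], argv[2]);
    /* Report a fixed message; never echo file contents back to the caller. */
    puts(fd >= 0 ? "profile accepted" : "profile rejected");
    return fd >= 0 ? 0 : 1;
}
```

The same helper can be called once per controlled directory, for example the /usr/share/color/icc and ~/.color/icc paths named above.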

