[Openicc] Introduction / Gutenprint]
Michael Sweet
mike at easysw.com
Wed Apr 13 00:03:43 EST 2005
Gerhard Fuernkranz wrote:
>>Mike's whole point is
>>that he *cannot*, for security reasons, allow access to *any*
>>user-defined path. With this architecture, that's the right decision.
>
>
> But if we refuse to trust any file supplied by the user, why
> do we trust the document being printed? It also needs to
> be supplied by the user. Why is a user-supplied profile more
> insecure than a user-supplied PostScript file (which the user
> wants to print)?
I did not say that.

Assume for a moment that you have files which you do not want other
users to see/use. Allowing the filter to read any file on the system
could lead to disclosure of the information in that file (e.g.
"error, bad ICC header 'root:rootpassword:...'" :)

FWIW, we do not trust print files, that is why we run the filters
as an unprivileged user instead of root... :)
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw dot com
Internet Printing and Document Software http://www.easysw.com
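
The disclosure path described in the message above, and a check that closes it, as an added example that is not part of the original message or of the CUPS code. `check_profile` and `demo` are hypothetical names, and the sample files are constructed.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper: NULL if path resolves inside allowed_dir and has the ICC
 * 'acsp' signature at offset 36, else a fixed message with no bytes from the file. */
const char *check_profile(const char *allowed_dir, const char *path)
{
    char dir[PATH_MAX], real[PATH_MAX];
    unsigned char hdr[128];
    size_t got = 0, dlen;
    FILE *fp;
    /* Canonicalize both so ".." and symlinks cannot escape the directory. */
    if (!realpath(allowed_dir, dir) || !realpath(path, real))
        return "profile not available";
    dlen = strlen(dir);
    if (strncmp(real, dir, dlen) != 0 || real[dlen] != '/')
        return "profile outside approved directory";
    /* A check-then-open race remains; running unprivileged limits its impact. */
    if ((fp = fopen(real, "rb")) != NULL) {
        got = fread(hdr, 1, sizeof(hdr), fp);
        fclose(fp);
    }
    /* Leaky form: formatting hdr into "bad ICC header '%.32s'" echoes the file. */
    if (got != sizeof(hdr) || memcmp(hdr + 36, "acsp", 4) != 0)
        return "bad ICC header";
    return NULL;
}

/* Constructed sample files under /tmp; returns the message for "../secret.txt". */
const char *demo(void)
{
    char base[] = "/tmp/iccXXXXXX", dir[64], p[96];
    unsigned char good[128] = {0};
    FILE *fp;
    if (!mkdtemp(base)) return "mkdtemp failed";
    snprintf(dir, sizeof(dir), "%s/profiles", base);
    mkdir(dir, 0700);
    snprintf(p, sizeof(p), "%s/secret.txt", base);
    if ((fp = fopen(p, "wb"))) { fputs("root:rootpassword:...", fp); fclose(fp); }
    memcpy(good + 36, "acsp", 4);
    snprintf(p, sizeof(p), "%s/good.icc", dir);
    if ((fp = fopen(p, "wb"))) { fwrite(good, 1, sizeof(good), fp); fclose(fp); }
    if (check_profile(dir, p) != NULL) return "good profile rejected";
    snprintf(p, sizeof(p), "%s/../secret.txt", dir);
    return check_profile(dir, p);
}
```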