[Openicc] Introduction / Gutenprint]
Gerhard Fuernkranz
nospam456 at gmx.de
Wed Apr 13 05:43:48 EST 2005
Michael Sweet schrieb:
> Assume for a moment that you have files which you do not want other
> users to see/use. Allowing the filter to read any file on the system
> could lead to disclosure of the information in that file (e.g.
> "error, bad ICC header 'root:rootpassword:...'" :)
I fully agree. But IMO the same applies to the print files.
I probably don't want to disclose them to anybody either,
except to trusted instances like "root" or the spooler.
So basically I think that user supplied profiles could be
treated similar to print files, with regard to security.
And I think I am permitted to do "lp file.ps", if file.ps is
owned by me and has only 0400 permission, am I?
> FWIW, we do not trust print files, that is why we run the
> filters as an unpriviledged user instead of root... :)
Of course - an that's good so!
Regards,
Gerhard
More information about the openicc
mailing list