[Openicc] Introduction / Gutenprint]
Michael Sweet
mike at easysw.com
Wed Apr 13 05:55:03 EST 2005
Gerhard Fuernkranz wrote:
> Michael Sweet schrieb:
>
>> Assume for a moment that you have files which you do not want other
>> users to see/use. Allowing the filter to read any file on the system
>> could lead to disclosure of the information in that file (e.g.
>> "error, bad ICC header 'root:rootpassword:...'" :)
>
>
> I fully agree. But IMO the same applies to the print files.
> I probably don't want to disclose them to anybody either,
> except to trusted instances like "root" or the spooler.
>
> So basically I think that user supplied profiles could be
> treated similar to print files, with regard to security.
We can embed profiles in print files to describe the input
colorspace, just not the output colorspace. You can also
generate a CUPS raster file encoded with the output colorspace.
Otherwise, we will be treating output colorspaces like we do
banner files, fonts, and other server-side resources: referenced
from a common location.
> And I think I am permitted to do "lp file.ps", if file.ps is
> owned by me and has only 0400 permission, am I?
Yes, however when you do "lp file.ps" with CUPS, a copy of the file
is sent "over the wire" to cupsd, which stores it in the spool
directory. The filters never use your copy of the file...
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw dot com
Internet Printing and Document Software http://www.easysw.com
More information about the openicc
mailing list