[Openicc] Introduction / Gutenprint]
Robert L Krawitz
rlk at alum.mit.edu
Wed Apr 13 10:09:54 EST 2005
Date: Tue, 12 Apr 2005 15:49:19 -0400
From: Michael Sweet <mike at easysw.com>
Craig Bradney wrote:
> ...
> And the case where there's only one user on a computer using ICC and
> the others not, and that person doesn't have rights to put files in a
> system dir? Surely a profile can be loaded from anywhere. Are there
> passwords in profiles in any case?
No, but it is far easier to force files to be relative to a
controlled directory than to filter out the paths and permissions
allowed for a specific, possibly non-local user. Both the System V
lp and Berkeley lpr print spoolers have a long history of security
problems caused by direct access/references to files.
This is why I think profiles should be bundled up with the file being
printed and sent to the spooler, rather than having the spooler know
about a restricted set of profiles and only allowing the user to pick
from that list. Then the user (via the non-privileged lpr command)
would send the spooler both the file to be printed and the profile via
IPP. Passing the ICC profile by reference is what causes a problem;
if it's passed by value, none of this would occur.
The issue isn't "are there passwords in profiles", it is "can I
provide a filename to CUPS which will cause it to emit an error
message that discloses some information that is in the file", or
"can I provide a filename that will cause a buffer overflow in the
ICC parser and execute arbitrary code"....
This is no different from "can I provide a PostScript file that will
trigger a buffer overflow in Ghostscript and execute arbitrary code".
The ICC parser needs to be audited, just like Ghostscript does, since
it runs in a system context.
--
Robert Krawitz <rlk at alum.mit.edu>
Tall Clubs International -- http://www.tall.org/ or 1-888-IM-TALL-2
Member of the League for Programming Freedom -- mail lpf at uunet.uu.net
Project lead for Gimp Print -- http://gimp-print.sourceforge.net
"Linux doesn't dictate how I work, I dictate how Linux works."
--Eric Crampton
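
An added example, not code from this thread, from CUPS, or from any ICC library: if a profile is passed by value, the spooler parses bytes the user controls, so an audit of the parser starts with checking every size and offset against the received length before use. The function and enum names are hypothetical; the layout (128-byte header, size field at offset 0, 'acsp' at offset 36, tag count at offset 128, 12-byte tag entries) follows the ICC profile format, and requiring tag data to start after the tag table is a conservative assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum icc_status { ICC_OK = 0, ICC_TRUNCATED, ICC_BAD_SIZE, ICC_BAD_MAGIC,
                  ICC_BAD_TAG_COUNT, ICC_BAD_TAG_RANGE };

/* Read a big-endian 32-bit value; caller guarantees 4 readable bytes. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate the header and tag table of an ICC profile held in buf[0..len).
 * Every length and offset is checked against len before it is used. */
enum icc_status icc_validate(const uint8_t *buf, size_t len) {
    if (len < 132) return ICC_TRUNCATED;          /* header + tag count */
    uint32_t declared = be32(buf);                /* profile size field */
    if (declared < 132 || declared > len) return ICC_BAD_SIZE;
    if (memcmp(buf + 36, "acsp", 4) != 0) return ICC_BAD_MAGIC;
    uint32_t count = be32(buf + 128);
    /* Divide rather than multiply so a huge count cannot overflow. */
    if (count > (declared - 132) / 12) return ICC_BAD_TAG_COUNT;
    uint32_t data_start = 132 + count * 12;       /* safe after the check above */
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + 132 + (size_t)i * 12;
        uint32_t off = be32(e + 4), size = be32(e + 8);
        /* off + size could wrap around; compare by subtraction instead. */
        if (off < data_start || off > declared || size > declared - off)
            return ICC_BAD_TAG_RANGE;
    }
    return ICC_OK;
}

/* Constructed sample: a 152-byte profile with one 'desc' tag entry whose
 * offset and size fields are set by the caller. Returns bytes written. */
size_t icc_make_sample(uint8_t *out, size_t cap, uint32_t off, uint32_t size) {
    const size_t total = 152;
    if (cap < total) return 0;
    memset(out, 0, total);
    out[3] = (uint8_t)total;                      /* declared profile size */
    memcpy(out + 36, "acsp", 4);
    out[131] = 1;                                 /* tag count = 1 */
    memcpy(out + 132, "desc", 4);
    for (int i = 0; i < 4; i++) {
        out[136 + i] = (uint8_t)(off >> (24 - 8 * i));
        out[140 + i] = (uint8_t)(size >> (24 - 8 * i));
    }
    return total;
}
```
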