You are not logged in.
Pages: 1
Hi guys!!
I would like to ask you if there is any security risk in adding my local user to the 'sys' group.
I had to do it in order to be able to use the HP Device Manager and the printer applet that comes with it in my KDE Desktop .
Till now I have configured through cups -web interface and used my officejet J4580 printer without any serious problem , except that I had to define my printer as 'default' every time I'd like to print from Libre Office.
I only use my pc at home (it is not part of any network and I am the only one using it).
Thx in advance for any help.
Offline
Although in the wiki is stated that the purpose of "sys"group is to grant " Right to admin printers in CUPS. " which doesnt sound a security problem at least to my case , i have found a reported and fixed bug in Mandrake's Linux printer drivers package (back in 2003) where it is stated among other things that :
" A local user with 'sys' group privileges could create a symbolic link from a predictable temporary file name to a critical file on the system or to an arbitrary file name. Then, when the binary is invoked, it will delete the contents of the linked file or create the specified arbitrary file with world-writable permissions. The local user could obtain root level privileges."
and also :
" A local user may be able to obtain 'sys' group privileges on the system. A local user with 'sys' group privileges may be able to obtain root level privileges on the system."
http://www.securitytracker.com/id?1005959
So once again if someone could clarify things for me , would be appreciated.
Last edited by cloyd (2012-09-15 16:17:06)
Offline
Pages: 1