diff options
| author | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2009-10-15 18:50:47 +0000 |
|---|---|---|
| committer | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2009-10-15 18:50:47 +0000 |
| commit | 4d301e694f72b03ab2b6c8189387bd7076a3a2ea (patch) | |
| tree | 3fe42587c15d843dd9eba082b9519ab52f2571cd /cups/api-filter.shtml | |
| parent | b226ab99134159fff1c3192d3bf22d2652db386b (diff) | |
| download | cups-4d301e694f72b03ab2b6c8189387bd7076a3a2ea.tar.gz | |
Merge changes from CUPS 1.5svn-r8849.
git-svn-id: svn+ssh://src.apple.com/svn/cups/easysw/current@1725 a1ca3aef-8c08-0410-bb20-df032aa958be
Diffstat (limited to 'cups/api-filter.shtml')
| -rw-r--r-- | cups/api-filter.shtml | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/cups/api-filter.shtml b/cups/api-filter.shtml index cbf29657d..0af098f3f 100644 --- a/cups/api-filter.shtml +++ b/cups/api-filter.shtml @@ -67,7 +67,7 @@ specify an arbitrary file path to a separator page, template, or other file used by the filter since that can lead to an unauthorized disclosure of information. <em>Always</em> treat input as suspect and validate it!</p> -<p>If you are developing a backend that runs as root , make sure to check for +<p>If you are developing a backend that runs as root, make sure to check for potential buffer overflows, integer under/overflow conditions, and file accesses since these can lead to privilege escalations. When writing files, always validate the file path and <em>never</em> allow a user to determine @@ -88,15 +88,15 @@ Mac OS X, for example, no backend may write to a user's home directory.</p> <h3><a name="PERMISSIONS">File Permissions</a></h3> <p>For security reasons, CUPS will only run filters and backends that are owned -by root and do not have world write permissions. The recommended permissions for -filters and backends are 0555 - read and execute but no write. Backends that -must run as root should use permissions of 0500 - read and execute by root, no -access for other users. Write permissions can be enabled for the root user -only.</p> +by root and do not have world or group write permissions. The recommended +permissions for filters and backends are 0555 - read and execute but no write. +Backends that must run as root should use permissions of 0500 - read and execute +by root, no access for other users. Write permissions can be enabled for the +root user only.</p> <p>To avoid a warning message, the directory containing your filter(s) must also -be owned by root and have world write disabled - permissions of 0755 or 0555 are -strongly encouraged.</p> +be owned by root and have world and group write disabled - permissions of 0755 +or 0555 are strongly encouraged.</p> <h3><a name="TEMPFILES">Temporary Files</a></h3> |