Hylafax Mailing List Archives
|
[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
Ghostscript, LD_LIBRARY_PATH, and the uid of hfaxd and faxq
- To: Hylafax Mailing List <flexfax@sgi.com>
- Subject: flexfax: Ghostscript, LD_LIBRARY_PATH, and the uid of hfaxd and faxq
- From: Nico Garcia <raoul@cirl.meei.harvard.edu>
- Date: Fri, 16 Jan 1998 12:15:41 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
I just reminded myself the hard way that ghostscript needs to have the
X11 libraries compiled in with "-L/usr/openwin/lib" or
"-L/your-local-X-libraries" for HylaFAX, since faxq gets at it and is
operating as root. This means it will ignore the LD_LIBRARY_PATH under
SunOS, even if it is set in ps2fax.
This does raise a security concern. Would it be possible with the
latest revisions to run faxq and hfaxd as the UID for "fax", rather
than having them run as "root"? What is the trade-off or disadvantage?
I realize that hfaxd and faxq does a number of uid changes. Are these
sufficient, and should we review that behavior for security holes.
Nico Garcia
Engineer, CIRL
Mass. Eye and Ear Infirmary
raoul@cirl.meei.harvard.edu
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBNL+VlD/+ItycgIJRAQFoCwP/Yw8gEa9F4n2HvsNvOIX8Viw2PP+F3RDF
6FlyV+f0jC7uCUw67JoVpPFGz4ycDA+dVej7Rma13dgcH7BlRjwQGDBkcJFtx+sG
vQ7s4mdDcI617L9l0E2Mm8+Wp1LrhovTeQVmrDbZOeUMG5O/1sLWqlvE2PozwEHR
Fa1xJUvemEs=
=cH/t
-----END PGP SIGNATURE-----