Bug 101573
Summary: | cups requires dbus | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux Beta | Reporter: | John Eckerdal <john.eckerdal> |
Component: | cups | Assignee: | Tim Waugh <twaugh> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | beta1 | CC: | hp |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2003-10-09 11:31:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
John Eckerdal
2003-08-04 08:54:10 UTC
DBUS is used for helping the desktop print icon do its job. hp: plans for auditing it? dbus doesn't require xlib, but there are extra libs/tools in the dbus package that do. I can split the dbus package apart. cups will actually run without dbus, just won't send out the notifications. So one approach might be to just don't list that dependency and add the dep to desktop-printing instead. dbus hasn't been audited yet but runs as a completely nonprivileged user (owns no files on the filesystem, has no shell), only listens on local sockets, and is written in a paranoid/security-aware fashion. Still it is true that *if* the dbus daemon is running, and you crack dbus in a couple of different places, you may be able to break into the cups daemon (if you already have a local account; dbus adds no remote risk that I'm aware of). The dependency is for the shared library libdbus-1.so.0; it's not something listed in the spec file. It might be a good thing to split out whatever requires libX11.so* from the dbus binary RPM, to avoid cups requiring it transitively. This has been done now I think. |