cups-filters icon indicating copy to clipboard operation
cups-filters copied to clipboard
verified publisher icon OpenPrinting

Command injection via FoomaticRipCommandLine

Open zdohnal opened this issue 1 year ago • 0 comments

Continuation of https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47 , because the security advisory does not allow adding more comments after it is published.

The current plan:

  • use hashed PPD keyword values to check whether the input is within expectation,
  • provide root-only accessed config file, where user once he authenticates as root can add new hashed inputs, if he thinks the input is safe.

zdohnal avatar Oct 02 '24 06:10 zdohnal