HylaFAX The world's most advanced open source fax server

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Ghostscript, LD_LIBRARY_PATH, and the uid of hfaxd and faxq



-----BEGIN PGP SIGNED MESSAGE-----

I just reminded myself the hard way that ghostscript needs to have the
X11 libraries compiled in with "-L/usr/openwin/lib" or
"-L/your-local-X-libraries" for HylaFAX, since faxq gets at it and is
operating as root. This means it will ignore the LD_LIBRARY_PATH under
SunOS, even if it is set in ps2fax.

This does raise a security concern. Would it be possible with the
latest revisions to run faxq and hfaxd as the UID for "fax", rather
than having them run as "root"? What is the trade-off or disadvantage?
I realize that hfaxd and faxq does a number of uid changes. Are these
sufficient, and should we review that behavior for security holes.

			Nico Garcia
			Engineer, CIRL 
			Mass. Eye and Ear Infirmary
			raoul@cirl.meei.harvard.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNL+VlD/+ItycgIJRAQFoCwP/Yw8gEa9F4n2HvsNvOIX8Viw2PP+F3RDF
6FlyV+f0jC7uCUw67JoVpPFGz4ycDA+dVej7Rma13dgcH7BlRjwQGDBkcJFtx+sG
vQ7s4mdDcI617L9l0E2Mm8+Wp1LrhovTeQVmrDbZOeUMG5O/1sLWqlvE2PozwEHR
Fa1xJUvemEs=
=cH/t
-----END PGP SIGNATURE-----




Project hosted by iFAX Solutions