Comment 6 for bug 809904

Johannes Meixner (jsmeix) wrote:

Sanjay,
I wish there were comments in the HPLIP code which tell
how the stuff is meant (i.e. what the purpose and idea behind it is).

Because I don't know for sure what the purpose and idea behind it is,
I can only make assumptions according to how I understand the code.

Based on these assumptions I think the following:

From my point of view "/tmp/hpcupsfax.out" is not meant
as a temporary file but as an output file for debugging purposes
which (unfortunately) exists in a directory (/tmp)
where any user can create a symbolic link, for example
  /tmp/hpcupsfax.out -> /etc/passwd
and then, when
  system ("chmod 666 /tmp/hpcupsfax.out")
is run as root (I don't know under which user it runs),
it would do an evil thing.

When "/tmp/hpcupsfax.out" is meant as an output file for debugging purposes,
it would not be nice if the debugging output file name were not
a fixed name which is known in advance but instead some
secure but awkward "mktemp" name like /tmp/hpcupsfax.out.XXXXXXXXXX

When "/tmp/hpcupsfax.out" is meant as an output file for debugging purposes,
I think it should be o.k. to remove an existing file or symbolic link
with this name via something like:

  if (iLogLevel & SAVE_PCL_FILE)
  {
    /* remove whatever currently has this name (file or symlink) */
    if (system ("rm -f /tmp/hpcupsfax.out"))
    {
      return 1;
    }
    fp = fopen ("/tmp/hpcupsfax.out", "w");
    system ("chmod 666 /tmp/hpcupsfax.out");
  }

But because of the sticky bit on the /tmp/ directory,
"rm -f /tmp/hpcupsfax.out" works only for root and for the user
who created /tmp/hpcupsfax.out.

I think this could be o.k. because when the stuff is run as root
it would enforce "the right thing", and when it is run as non-root
it would do "the right thing" when /tmp/hpcupsfax.out from
the same user already exists, and otherwise it would return
something like a "failed" state, as far as I guess the meaning
of "return 1" in prnt/hpijs/hpcupsfax.cpp.

But I am not a security expert who can finally decide about it.
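A worked illustration of the symlink problem discussed in the comment above, and of one way to keep the fixed file name without following a link. This is example code added here; it is neither HPLIP code nor the commenter's proposal. It assumes a constructed scratch directory under /tmp with a stand-in "victim" file in place of /etc/passwd (so the writer owns the target and no root privileges are needed to see the effect), and it uses an in-process chmod() where hpcupsfax.cpp calls system ("chmod 666 ..."). The hardened variant keeps the "rm -f, then create" order from the comment but creates with O_CREAT|O_EXCL|O_NOFOLLOW and sets the mode with fchmod() on the descriptor, so a symlink sitting under the name, or one slipped in between the unlink and the open, makes the call fail instead of being followed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern under discussion: fopen() by name, then chmod by name.
 * Both follow a symlink placed at PATH, so the link target is truncated
 * and made world-writable. chmod() stands in for system ("chmod 666 ..."). */
int unsafe_debug_output(const char *path, mode_t mode)
{
    FILE *fp = fopen(path, "w");
    if (!fp)
        return -1;
    fclose(fp);
    return chmod(path, mode);
}

/* Hardened create: O_EXCL refuses any existing name (a symlink included,
 * whatever it points to), O_NOFOLLOW is belt and braces, and fchmod()
 * changes the file we actually opened, not what the name resolves to now.
 * Returns an fd, or -1 with errno set. */
int create_debug_output(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, mode);
    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* "rm -f" then create, keeping the fixed, known-in-advance name. A stale
 * file or link we may remove (ours, or anything when root) is replaced;
 * one we may not remove (sticky /tmp) is an error; anything re-created
 * under the name between unlink() and open() makes open() fail. */
int open_debug_output(const char *path, mode_t mode)
{
    if (unlink(path) < 0 && errno != ENOENT)
        return -1;
    return create_debug_output(path, mode);
}

/* Constructed scenario in a private scratch directory. Returns 0 when the
 * unsafe variant damages the victim and the hardened one does not; set
 * bits identify which expectation failed. */
int replay_symlink_scenario(void)
{
    char dir[] = "/tmp/hpfaxdemo.XXXXXX";   /* constructed, not a real path */
    char victim[300], link[300];
    struct stat st;
    int rc = 0, fd;

    if (!mkdtemp(dir))
        return 1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/hpcupsfax.out", dir);

    /* Stand-in for /etc/passwd: private mode, non-empty. */
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return 2;
    if (write(fd, "secret\n", 7) != 7)
        rc |= 0x1;
    close(fd);
    /* The attacker's link: hpcupsfax.out -> victim */
    if (symlink(victim, link) < 0)
        return 3;

    /* 1. Unsafe pattern: victim is truncated and becomes mode 0666. */
    unsafe_debug_output(link, 0666);
    if (stat(victim, &st) < 0 || st.st_size != 0 || (st.st_mode & 07777) != 0666)
        rc |= 0x10;
    chmod(victim, 0600);

    /* 2. Hardened create with the link in place: refused, victim untouched. */
    fd = create_debug_output(link, 0666);
    if (fd >= 0) { close(fd); rc |= 0x20; }
    if (stat(victim, &st) < 0 || (st.st_mode & 07777) != 0600)
        rc |= 0x40;

    /* 3. rm -f + hardened create: our own link is replaced by a regular 0666 file. */
    fd = open_debug_output(link, 0666);
    if (fd < 0) {
        rc |= 0x80;
    } else {
        if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || (st.st_mode & 07777) != 0666)
            rc |= 0x100;
        close(fd);
    }

    unlink(link); unlink(victim); rmdir(dir);
    return rc;
}
```

The scenario only shows the owner's view; in the real case the sticky bit on /tmp means a non-root process cannot unlink another user's link and open_debug_output() returns -1 with EPERM, which is the "failed" state the comment describes, while root removes the link and creates a fresh regular file.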