Comment 3 for bug 7327

Message-ID: <email address hidden>
Date: Fri, 06 Aug 2004 13:54:20 +0200
From: Michal Pasternak <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: cupsys: New configuration file doesn't enable access and error logging by
 default

Package: cupsys
Version: 1.1.20final+rc1-5
Severity: grave
Justification: user security hole

Here are differences that I've found, while installing latest cupsys package:

 -AccessLog /var/log/cups/access_log
 +#AccessLog /var/log/cups/access_log

 -ErrorLog /var/log/cups/error_log
 +#ErrorLog /var/log/cups/error_log

 -PageLog /var/log/cups/page_log
 +#PageLog /var/log/cups/page_log

I think those settings should be enabled.

Also,

 -Printcap /etc/printcap.cups
 +Printcap /var/run/cups/printcap

I don't know whether cupsys on upgrade automatically moves that file or not.
Please check that. Thanks!

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.7
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages cupsys depends on:
ii adduser 3.59 Add and remove users and groups
ii debconf 1.4.30 Debian configuration management sy
ii gs-esp 7.07.1-9 The Ghostscript PostScript interpr
ii libc6 2.3.2.ds1-15 GNU C Library: Shared libraries an
pn libcupsimage2 Not found.
pn libcupsys2-gnutls10 Not found.
ii libgnutls11 1.0.16-4 GNU TLS library - runtime library
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libpaper1 1.1.14-0.3 Library for handling paper charact
ii libslp1 1.0.11-7 OpenSLP libraries
ii patch 2.5.9-2 Apply a diff file to an original
ii zlib1g 1:1.2.1.1-5 compression library - runtime

-- debconf information excluded