It was discovered that an installation script in the HPLIP package would change permissions on the hplip config files located in user"s home directories. A local user could exploit this and change permissions on arbitrary files upon an HPLIP installation or upgrade, which could lead to root privileges.