Faster login - Cups security

Kyrre Ness Sjobak kyrre at
Tue Nov 16 19:39:40 UTC 2004

tir, 16.11.2004 kl. 00.14 skrev Colin Walters:
> On Mon, 2004-11-15 at 18:06 -0500, Havoc Pennington wrote:
> > On Mon, 2004-11-15 at 22:40 +0100, Kyrre Ness Sjobak wrote:
> > > 
> > > I *think* most people would be very, very angry if you killed their
> > > ability to print...
> > > 
> > 
> > Of course, we shouldn't need a cups daemon for client-only machines in
> > many cases 
> Well, right now the CUPS server is also used to pick up IPP broadcasts.
> It would be nice to have an IPP notification only daemon for security
> reasons too though.

When you mention security: Try this:

Hook a computer which shares a printer up to a network. Make sure the
host is named "localhost".

Cups will now broadcast that "localhost" is sharing printer

Now log in at another machine, and try to *print* to that printer. Make
sure you DO have root access to the machine - you will have to stop cups
and clear out its spool catalog.

What happens is that cups don't do any sanity checks on the recieved
broadcasts - if it recives a broadcast from "" saying that
"localhost" is sharing "überprinter 3" it just stores that - no sanity
checks such as trying to look up the hostname and seeing that it does
resolve corectly. So it sends the job to itself, which is recived, sent
to itself und zu weiter...

More information about the desktop mailing list