[cups-devel] [UNKN] STR #4618: Using host name in /etc/cups/cupsd.conf Listen directive could make cupsd listen on the wrong IP

Bogdan Szczurek noreply at cups.org
Tue Apr 14 18:02:36 PDT 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR Unresolved]

> OK, "Listen hostname" is entirely dependent on DNS to return the right
values.

Yup—hence my suggestion to depend on “network”, which may not solve
all the problems but some—for sure. Can it cause any new problems?

> Since there are a lot of variables (besides the order which cupsd is
started)
> for when network facilities are available, you really need to have the
> hostname and any addresses listed in /etc/hosts to make that work
reliably.

Yes, but that's even more evil than just using an explicit IP address right
from the start…

> Moreover, if you have a dynamic address you should not be using "Listen
> hostname" at all. Instead, stick to "Listen *:631" or just "Port 631" -
the
> default ACL will limit access to the local subnet(s), and you can tweak
those
> to prevent access from outside addresses.

You're right, but in that case what good is “Listen” for, beside
specifying local sockets? I mean, since we have ACLs to rely on for
prescribing access rights, it should be perfectly enough to be able to
decide which port we'll be listening on. All the rest can be defined with
the said ACLs. Besides, we can always block some address class(es) on
firewall (e.g. in case when cups server is connected to more than one LAN
and we want to “enable it” only for some selected network(s)).

I must admit, man page for cups.conf, in section about “Listen”,
doesn't present a form “Listen hostname:port”, but, clearly, it is
implemented. Maybe it should be dropped altogether, or at least described
clearly in just the way you did it for me?

Link: https://www.cups.org/str.php?L4618
Version: -feature
Fix Version: None
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJVLbisAAoJENujp6sI12IjV0EP/24V8JAI2YmH1t5Wv8jnu/cN
D9Mczluf2dizr3Q8LSa7O9AjGqXRqaTDxJ/eqAQYy8YKHyuEm6usW+hQrbVge0oW
J/dQ27VM3WuBJx4cu9Zb1czbBNK12pOHg0wVljniF8ZpEktLuSPwAbBToSEn7K73
mLQLFk2mI+2nWA4OS0meImR22EJ/gloE3Q3Ca36heNYX0OypZCVvSWHf8DafvNK0
gWgthb1aEmX/wBFRsyBf3DDpA3WOSlhLKPhamwDHe8nNT9GH/HtBxgl2gPe7YktA
BSkbb+oAquzFM6hmNJJnul3JBEHy5IoGDOo10qPMl0s0O6yRE/SLz4mpEW/UQPiJ
V/Mexq7Cb4utA9KEr4nAdMlnkpOWgln8vCV4xT6ZnpnDrAtDgmRg9mBIpzMuv6AT
cb/GlWdFKRyIG4zmni7BL3NKC6rdp9KVMjUXP2J4JsEalqwzaFseTrP05isnzNng
iCF6lOitQqqwaVOHU+Z1mn4rhSNjcsIo5teksZima2Nu8Ij7hhKINCb2/JLzqCvJ
Uoyo7QlJ3d8LjkwCV8aOoTGBWcT9Uuakm0qH1/NiniCqC2iXdpS9yoQhcg6vhobJ
mRFwVzHbhvKKPddZsrw/XhKUC74CcZ8iA7rT33fm6AwABY42a8otDp/ih+//W3ia
NWaEQFFZVzlSzPlIr85l
=doRB
-----END PGP SIGNATURE-----

More information about the cups-devel mailing list