Visability Security Issue with Samba Printers
pipitas
k1pfeifle at gmx.net
Wed Dec 22 12:55:42 PST 2004
pipitas wrote:
> Jeff Sadowski wrote:
>
>> Description: Samba Printer
>> Location: Work
>> Printer State: idle, accepting jobs.
>> Device URI: smb://Username:Password@WindowsDomain/Computer/SharedPrinter
>>
>> Everyone on my computer can see my username and password for my windows
>> network at work.
>
> That's a valid grievance of you. Please use a recent version of CUPS to
> get rid of it. See
>
> http://www.cups.org/str.php?L933
> http://www.cups.org/str.php?L920
>
> Recent versions put user credentials only in the DEVICE_URI environment
> variable (which isnt visible in "ps" or "lpstat -v" outputs). Any user
> accessible device URI is "sanitized" from the credential content before
> presenting it to the user.
Maybe I should supplement my last posting:
If for one reason or another you can not upgrade your CUPS installation
soon, you should consider one of these two options:
* open the printer(s) in question to guest/anonymous so you
can forgo to give a username/password altogether
* create a special user "cupsuser" on your Windows system,
who can't do much more than access the printer(s) in
question; use that user's credentials in the device URI,
so it doesnt harm much if normal users' eyes catch it.
Cheers,
Kurt
More information about the cups
mailing list