Visibility Security Issue with Samba Printers

pipitas k1pfeifle at gmx.net
Wed Dec 22 12:55:42 PST 2004


pipitas wrote:

> Jeff Sadowski wrote:
> 
>> Description: Samba Printer
>> Location: Work
>> Printer State: idle, accepting jobs.
>> Device URI: smb://Username:Password@WindowsDomain/Computer/SharedPrinter
>> 
>> Everyone on my computer can see my username and password for my windows
>> network at work.
> 
> That's a valid grievance of yours. Please use a recent version of CUPS to
> get rid of it. See
> 
>    http://www.cups.org/str.php?L933
>    http://www.cups.org/str.php?L920
> 
> Recent versions put user credentials only in the DEVICE_URI environment
> variable (which isn't visible in "ps" or "lpstat -v" outputs). Any
> user-accessible device URI is "sanitized" from the credential content before
> presenting it to the user.

Maybe I should supplement my last posting:

If for one reason or another you cannot upgrade your CUPS installation
soon, you should consider one of these two options:

 * open the printer(s) in question to guest/anonymous so you
   can forgo giving a username/password altogether

 * create a special user "cupsuser" on your Windows system, 
   who can't do much more than access the printer(s) in 
   question; use that user's credentials in the device URI,
   so it doesn't harm much if normal users' eyes catch it.

Cheers,
Kurt
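
An audit for the exposure discussed in this message, as an added example that is not part of the original post and is not CUPS's own sanitizing code: it scans `lpstat -v` output for device URIs that carry credentials and reports them with the credential part removed. The first sample line uses the URI quoted above; the other sample lines and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample of `lpstat -v` output; only the first URI comes from the post.
SAMPLE_LPSTAT = """\
device for Work: smb://Username:Password@WindowsDomain/Computer/SharedPrinter
device for Guest: smb://WindowsDomain/Computer/OpenPrinter
device for Local: usb://HP/LaserJet?serial=000
device for Svc: smb://cupsuser@WindowsDomain/Computer/SharedPrinter
"""

# `lpstat -v` prints one "device for NAME: URI" line per queue.
LINE_RE = re.compile(r"^device for (?P<name>\S+): (?P<uri>\S+)$")


def sanitize_uri(uri):
    """Strip the userinfo part from a device URI.

    Returns (sanitized_uri, had_user, had_password).
    """
    parts = urlsplit(uri)
    if "@" not in parts.netloc:
        return uri, False, False
    # Split on the last '@' so a password containing '@' is removed in full.
    userinfo, host = parts.netloc.rsplit("@", 1)
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
    return clean, True, ":" in userinfo


def audit(lpstat_output):
    """Return one finding per queue whose device URI embeds credentials."""
    findings = []
    for line in lpstat_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        clean, had_user, had_password = sanitize_uri(m["uri"])
        if had_user:
            findings.append(
                {"printer": m["name"], "uri": clean, "password_exposed": had_password}
            )
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LPSTAT):
        level = "PASSWORD VISIBLE" if f["password_exposed"] else "username only"
        print(f"{f['printer']}: {level} -> {f['uri']}")
```

On a CUPS version that already sanitizes user-visible URIs, running `audit()` over real `lpstat -v` output as an unprivileged user should return no findings.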



