Visability Security Issue with Samba Printers

Jeff Sadowski jeff_sadowski at yahoo.com
Wed Dec 22 14:13:00 PST 2004


Thank you Kurt I will try these things.
I will upgrade and try it out I should have been
a little better on my submitting to the newsgroup
I'm sorry for any Inconvience.
I should have looked for an upgrade first.
I'll follow the standard slackware build script to build the latest release.

pipitas wrote:
> That's a valid grievance of you. Please use a recent version of CUPS to get
> rid of it. See
>
>    http://www.cups.org/str.php?L933
>    http://www.cups.org/str.php?L920
>
> Recent versions put user credentials only in the DEVICE_URI environment
> variable (which isnt visible in "ps" or "lpstat -v" outputs). Any user
> accessible device URI is "sanitized" from the credential content before
> presenting it to the user.
>
Will do Thanks

> I am looking forward to your contributed documentation.
I'll read the documentation and see if I think there is anything I can contribute

>
> > and could have been made alot easier.
>
> I am looking forward to your source code patches or new implementations.
>
I could write a php script or so I'll see what I can do
If it hasn't been done already.

>  * open your favourite browser,
>  * type "http://localhost:631/sam.html" into location bar,
>  * search on page for "Windows".
>
maybe a link should be added if not already done so like
<a href=http://localhost:631/sam.html>Documentation</a> to
http://localhost:631's main page I'd be glad to take a look
at the pages and make the process as easy as I can for others

> Maybe I should rather expect more complaints.
No I wouldn't even call this a complaint I was just trying to see
If it was updated. Or if this issue was brought up before
Im guessing it was but the searches I did where not sufficent.
This forum was where I found the format for the printer url.

> Try escape the characters in question, or try to put it into quotes.
yea I'll have to experiment a little see if I can make the interface
To type these in in a webbrowser to put in the escape sequences for the next guy I'm getting decent in html and php

>
> Above all, be aware that printing *from* CUPS *to* Windows is not the
> main purpose and feature CUPS was designed for. It is rather the other
> way round: make Windows the print clients printing to a CUPS print
> server.
>
> Note that the usage of the "username:password at servername" lingo inside
> the device URI is recommended nowhere. It is only provided by the CUPS
> developers as a possibility so we can *at all* print if we *urgently*
> need to use that print path.
>
This is probably why I had a hard time finding documentation on it

> In the past I for myself preferred to set up the Windows printer with
> no authentication at all and allow anonymous/guest access to it, so I
> can forego the "username:password" part of the device URI, instead of
> exposing them.
>
Im not the one in charge of my network but I can see reasons why this wouldn't be the best idea.
I think some logging issues might exist.
> Cheers,
> Kurt
>
Thank You Kurt

Maybe I can help I'll go see if there is anything I can do

Jeff Sadowski




More information about the cups mailing list