Visibility Security Issue with Samba Printers

Jeff Sadowski jeff_sadowski at yahoo.com
Thu Dec 23 09:11:34 PST 2004


Michael Sweet wrote:
> Jeff Sadowski wrote:
> > I dislike how CUPS's web interface tells the complete info about the printer in the Device URL; some of that info is private and should not be shared.
> > I have a few Samba printers I print to and they work rather well with CUPS. The only complaint I have is that anyone on my system can get my username/password for my Windows network.
> > ex:
> > http://127.0.0.1:631 (I only opened the port to 127.0.0.1)
> >  ...
>
> This information has been hidden since CUPS 1.0.
>
The issues that Kurt gave me links to have no relevance to the web interface. I'm talking about the web interface on port 631. Which I could turn off; that would take care of the security issue. It's not that big a deal. Maybe it's how Slackware built it? I'll have to do some fishing.
> What version of CUPS are you using?
>
output of:
cups-config --version
1.1.22

> Did you build from source, or are you using binaries from somewhere?
>
> --
>
Using Slackware's binary from Slackware Current. I'll try building from source this weekend with the latest CVS. When I open a web browser and type in 127.0.0.1:631 and click on Printers at the top, it shows what I'm talking about. The Device URL shows password and all. I think I was reading that the username password shouldn't be put in the Device URL but somewhere else, and maybe put some variable there? I'll have to reread it a few times to see if I can figure it out. Maybe I can have it so that each user on my computer prints with a separate username and password; I think that is what I was reading. If so, that would be the bomb :-) That would be kinda cool if it is how I'm taking it. I'll reread things and see. Maybe there is an option to pass the username and password to lpr or something. I'll reread and see if this is what the docs say. If not that would be awesome. No more people printing with my resources; they'd have to have their own. :-)

The only thing that would be even cooler is if lpr would catch the error message from Samba telling it that it couldn't connect because of non-authorized, and maybe spawn a username password prompt. That would be cool :-) Maybe I can hack it. I could even write a small GUI password prompt using glade :-) and upon failure spawn the GUI, and upon failure to spawn a GUI, spawn it to the tty, and upon failure of that opt out. Hmm, maybe even an option to spawn the password prompt before it tries.

This is just an idea that I might try and implement; please don't take it the wrong way. I am NOT asking anyone to do this. This would be purely for my own fun. I might come up with different ideas along the way. Even though I like the idea of a GUI password prompt, I don't like the idea of adding extra libs to the dependencies (Slackware training of mind). So like I said, I might come up with ideas along the way. Or maybe might hear ideas from others. Hmm, maybe dynamic loading of libs with dlopen(), hmmm.
______________________________________________________________________
> Michael Sweet, Easy Software Products           mike at easysw dot com
> Internet Printing and Publishing Software        http://www.easysw.com
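
Added example (not part of the original message and not CUPS code): a small audit for the exposure discussed in this thread, reading printers.conf-style text and reporting which queues carry a username or password inside `DeviceURI`, showing only a redacted form. The sample configuration, printer names and credentials are constructed; the helper names `redact` and `audit` are hypothetical.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample in the layout of a CUPS printers.conf; all values are made up.
SAMPLE_CONF = """\
# Printer configuration file (constructed sample)
<DefaultPrinter laser>
Info Office laser
DeviceURI smb://jeff:s3cret@WORKGROUP/printsrv/laser
State Idle
</DefaultPrinter>
<Printer inkjet>
DeviceURI parallel:/dev/lp0
</Printer>
<Printer plotter>
DeviceURI smb://guest@printsrv/plotter
</Printer>
"""

# Opening tag of a printer section: <Printer name> or <DefaultPrinter name>
SECTION = re.compile(r"^<(?:Default)?Printer\s+([^>]+)>$")

def redact(uri):
    """Return (redacted_uri, has_user, has_password) for a device URI."""
    parts = urlsplit(uri)
    userinfo, at, host = parts.netloc.rpartition("@")
    if not at:                      # no userinfo component at all
        return uri, False, False
    user, colon, _password = userinfo.partition(":")
    masked = user + (":****" if colon else "") + "@" + host
    return urlunsplit(parts._replace(netloc=masked)), True, bool(colon)

def audit(conf_text):
    """List (printer, redacted_uri, has_password) for URIs carrying credentials."""
    findings, printer = [], None
    for line in conf_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            printer = m.group(1)
        elif line.startswith("DeviceURI "):
            uri = line.split(None, 1)[1]
            redacted, has_user, has_password = redact(uri)
            if has_user:
                findings.append((printer, redacted, has_password))
    return findings

if __name__ == "__main__":
    for name, uri, has_pw in audit(SAMPLE_CONF):
        print(f"{name}: {uri} ({'password' if has_pw else 'username only'} in URI)")
```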