[cups.development] [RFE] STR #2428: CUPS needs a way to easily query policy permissions

Johannes Meixner jsmeix at suse.de
Tue Jul 17 07:17:43 PDT 2007


Hello,

On Jul 6 23:35 Michael Sweet wrote (shortened):
> Chris Rivera wrote:
> > I second everything Johannes mentions.  We really need a way to query 
> > the policy layer and an IPP extension is the simplest and most 
> > consistent way of doing this.  Parsing cupsd.conf is a hack.  Why are 
> > you against adding an IPP extension?  You already have several.
> 
> Because that kind of extension exposes CUPS to other kinds of
> security attacks (dictionary attacks for specific operations and
> users)

I am afraid I don't understand what you mean by a
dictionary attack in this particular case.
Could you give me an example?

Assume such an IPP extension shows under which user name
which operation is allowed with or without password.
Then all operations which work without password are known.
But wouldn't it be otherwise only security by obscurity?

Isn't it the same as /etc/passwd (user names are known)
and /etc/shadow (only the passwords are protected)?


> as well as limiting the user interface based on a flawed
> notion of what the user can and can't do.

I don't think that it limits the user interface in any case.

According to your other mail it seems your workflow is only
"always show all admin options/functions, then prompt the user for a
 username and password (defaulting the username to the current one)"

But what about doing it the other way round:
Always let the user choose a username (defaulting the username to
the current one), then query the cupsd via the IPP extension which
operations this username can do, then show only these operations
(and deactivate/gray-out the rest) and at the end when the IPP
request is done to actually do the operation, prompt for the
password (if a password is required).


Kind Regards
Johannes Meixner
-- 
SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany
AG Nuernberg, HRB 16746, GF: Markus Rex




