[cups.general] Security and lp command and -u option

Johannes Meixner jsmeix at suse.de
Tue Apr 1 03:49:16 PDT 2008


Hello,

On Apr 1 09:28 Jerome Alet wrote (shortened):
> On Thu, Mar 20, 2008 at 07:16:47AM -0700, cedric chambault wrote:
> ...
> > lp command has a "-U" option to specify USERNAME.
> > but if a student, username "student1" types "lp -U student2 file"
> > it prints "file" using the "student2" account.
....
> ... is this because CUPS lacks the functionality to ensure users
> really are who they claim they are?

According to how I understand it, how should a service running
on a server machine know who the user is "behind" a client program
on a remote client system without special authentication?

See "man cancel"
-----------------------------------------------------------------
Administrators wishing to prevent unauthorized cancellation
of jobs via the -u option should require authentication
for Cancel-Jobs operations in cupsd.conf(5).
-----------------------------------------------------------------

Since CUPS 1.2 see also
http://www.cups.org/documentation.php/policies.html

Since CUPS 1.3 Kerberos might be useful to avoid an explicit
authentication dialog for each job submission (or whatever
else IPP operation an authentication requires), see
http://www.cups.org/documentation.php/kerberos.html


By the way:

Think about a user who makes his own IPP client program
which can send whatever he likes to the CUPS server.

Think about a user who is root on his own laptop so that
he can run arbitrary programs to receive and send
arbitrary stuff via network.


Kind Regards
Johannes Meixner
-- 
SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany
AG Nuernberg, HRB 16746, GF: Markus Rex
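
Added example (not part of the original message and not CUPS project code): a small Python check that reads a cupsd.conf operation policy and lists the job operations it accepts without any AuthType, which is the case where the server has only the client-supplied user name to go on. Both policies are constructed samples; SENSITIVE_OPS and unauthenticated_ops are names chosen for this example, and the check is a simplification that ignores DefaultAuthType and Location-level settings.

```python
import re

# Operations behind "lp -U" and "cancel -u"; extend for your CUPS version.
SENSITIVE_OPS = {"Print-Job", "Create-Job", "Cancel-Job"}

# Constructed sample: no AuthType anywhere, so user names are taken on trust.
WEAK_CONF = """\
<Policy default>
  <Limit Cancel-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
"""

# Constructed sample: submission and cancellation both require authentication.
HARDENED_CONF = """\
<Policy default>
  <Limit Create-Job Print-Job>
    AuthType Basic
    Require valid-user
    Order deny,allow
  </Limit>
  <Limit Cancel-Job>
    AuthType Basic
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
"""

def unauthenticated_ops(conf, policy="default"):
    """Return the SENSITIVE_OPS that `policy` accepts without an AuthType."""
    section = re.search(rf"<Policy\s+{re.escape(policy)}\s*>(.*?)</Policy>", conf, re.S | re.I)
    if section is None:
        raise ValueError(f"policy {policy!r} not found")
    auth = {}  # operation name (or "All") -> True when its <Limit> block sets AuthType
    for ops, body in re.findall(r"<Limit\s+([^>]+)>(.*?)</Limit>", section.group(1), re.S | re.I):
        m = re.search(r"^\s*AuthType\s+(\S+)", body, re.M | re.I)  # skips commented-out lines
        for op in ops.split():
            auth[op] = bool(m) and m.group(1).lower() != "none"
    # Operations without their own <Limit> block fall under <Limit All>, if present.
    return sorted(op for op in SENSITIVE_OPS if not auth.get(op, auth.get("All", False)))
```

Run it against the policy section of the server's own cupsd.conf; an empty list means every operation in SENSITIVE_OPS sits in a Limit block that sets an AuthType.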




