[cups.general] hiding unwanted printers

Johannes Meixner jsmeix at suse.de
Thu Sep 11 09:21:20 PDT 2008


Hallo,

On Sep 11 17:11 Lucio Chiappetti wrote (shortened):
> In our institute the "typical user workstation"
> is a Linux CUPS client of a single CUPS server

Use a "client-only" setup on the workstations, see
http://en.opensuse.org/SDB:CUPS_in_a_Nutshell

> Now occasionally it appears that some moron connects his
> own machine to the LAN (in DHCP or with a static IP address)
> and misconfigures it to announce to be a CUPS server.

This is a security issue, see
http://www.cups.org/newsgroups.php?gcups.general+T+Q"print+job+phishing"
in particular
http://www.cups.org/newsgroups.php?gcups.general+v:30211

By the way:
Let untrusted users "connect his own machine" (where he is "root")
can result arbitrary problems (e.g. because each machine is its
own ARP server and usually the other machines blindly trust
ARP replies, he can fake to be whatever server - with a 50%
likelihood).


Kind Regards
Johannes Meixner
-- 
SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany
AG Nuernberg, HRB 16746, GF: Markus Rex





More information about the cups mailing list