[cups.bugs] [MOD] STR #3715: Integrity of printers.conf
Matt L
mattl at google.com
Thu Nov 11 19:42:55 PST 2010
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
1.4.3-1ubuntu1.3
On multiple occasions, I have witnessed a machine under heavy load
experience a corrupted printers.conf file. In at least one instance, the
file was partially truncated leading to the loss of approximately half of
the printers. In another instance, printers.conf went missing entirely,
leaving only printers.conf.O behind. An example log from the latter event
is as follows...
I [09/Nov/2010:10:06:38 +0000] Saving printers.conf...
I [09/Nov/2010:10:06:38 +0000] Saving job cache file
"/var/cache/cups/job.cache"...
I [09/Nov/2010:10:06:38 +0000] Saving subscriptions.conf...
I [09/Nov/2010:10:07:08 +0000] Saving printers.conf...
I [09/Nov/2010:10:07:08 +0000] Saving subscriptions.conf...
I [09/Nov/2010:10:07:38 +0000] Saving printers.conf...
I [09/Nov/2010:10:07:38 +0000] Saving job cache file
"/var/cache/cups/job.cache"...
I [09/Nov/2010:10:07:38 +0000] Saving subscriptions.conf...
I [09/Nov/2010:10:08:08 +0000] Saving printers.conf...
I [09/Nov/2010:10:08:08 +0000] Saving job cache file
"/var/cache/cups/job.cache"...
I [09/Nov/2010:10:08:08 +0000] Saving subscriptions.conf...
W [09/Nov/2010:10:08:20 +0000] Possible DoS attack - more than 10 clients
connecting from !
I [09/Nov/2010:10:08:38 +0000] Saving printers.conf...
I [09/Nov/2010:10:08:38 +0000] Saving job cache file
"/var/cache/cups/job.cache"...
I [09/Nov/2010:10:08:38 +0000] Saving subscriptions.conf...
I [09/Nov/2010:10:09:08 +0000] Saving printers.conf...
I [09/Nov/2010:10:09:08 +0000] Saving job cache file
"/var/cache/cups/job.cache"...
I [09/Nov/2010:10:09:08 +0000] Saving subscriptions.conf...
W [09/Nov/2010:10:09:24 +0000] Possible DoS attack - more than 10 clients
connecting from !
I [09/Nov/2010:10:09:39 +0000] Saving printers.conf...
I [09/Nov/2010:10:09:39 +0000] Saving job cache file
"/var/cache/cups/job.cache"...
I [09/Nov/2010:10:09:39 +0000] Saving subscriptions.conf...
E [09/Nov/2010:10:09:43 +0000] Unable to encrypt connection from XXXX - A
TLS packet with unexpected length was received.
I [09/Nov/2010:10:10:00 +0000] Scheduler shutting down normally.
I [09/Nov/2010:10:11:09 +0000] Listening to 0.0.0.0:631 (IPv4)
I [09/Nov/2010:10:11:09 +0000] Listening to /var/run/cups/cups.sock
(Domain)
I [09/Nov/2010:10:11:09 +0000] Listening to 0.0.0.0:443 (IPv4)
W [09/Nov/2010:10:11:09 +0000] No limit for CUPS-Get-Document defined in
policy default - using Send-Document's policy
I [09/Nov/2010:10:11:09 +0000] Remote access is enabled.
I [09/Nov/2010:10:11:09 +0000] Loaded configuration file
"/etc/cups/cupsd.conf"
I [09/Nov/2010:10:11:09 +0000] Using default TempDir of
/var/spool/cups/tmp...
I [09/Nov/2010:10:11:09 +0000] MaxClients limited to 1/3 (341) of the file
descriptor limit (1024)...
I [09/Nov/2010:10:11:09 +0000] Configured for up to 341 clients.
I [09/Nov/2010:10:11:09 +0000] Allowing up to 10 client connections per
host.
I [09/Nov/2010:10:11:09 +0000] Using policy "default" as the default!
I [09/Nov/2010:10:11:09 +0000] Full reload is required.
I [09/Nov/2010:10:11:09 +0000] Loaded MIME database from
"/usr/share/cups/mime" and "/etc/cups": 37 types, 73 filters...
I [09/Nov/2010:10:11:09 +0000] Loading job cache file
"/var/cache/cups/job.cache"...
E [09/Nov/2010:10:11:09 +0000] [Job 4985] Unable to queue job for
destination "leadpipe"!
I [09/Nov/2010:10:11:09 +0000] Full reload complete.
I [09/Nov/2010:10:11:09 +0000] Cleaning out old temporary files in
"/var/spool/cups/tmp"...
E [09/Nov/2010:10:11:09 +0000] Unable to remove temporary file
"/var/spool/cups/tmp/.fontconfig" - Is a directory
I [09/Nov/2010:10:11:09 +0000] Listening to 0.0.0.0:631 on fd 6...
I [09/Nov/2010:10:11:09 +0000] Listening to /var/run/cups/cups.sock on fd
7...
I [09/Nov/2010:10:11:09 +0000] Listening to 0.0.0.0:443 on fd 8...
I [09/Nov/2010:10:11:09 +0000] Resuming new connection processing...
E [09/Nov/2010:10:23:11 +0000] Unable to encrypt connection from XXXX - A
TLS packet with unexpected length was received.
10:09:39 is the last time printers.conf is saved
10:10:00 scheduler shuts down (cause never seems to be mentioned for shut
downs)
10:11:09 server back up, now missing printers (Unable to queue job for
destination "leadpipe"!)
Somewhere in this mess the printers.conf was removed or renamed and never
replaced. Cups came back up with nil printers (which also leads to samba
removing its record of the printers as well). The only possible culprit I
can make out from the logs is "Possible DoS attack - more than 10 clients
connecting from !" to configure it, as the cupsd.conf makes no apparent
mention of it.
This all leads me to believe that whatever process is used to continually
re-write the printers.conf file is not acting in a suitably atomic
fashion. Ideally there should be some mechanism in place to ensure that
the integrity of the file will remain intact during updates, even if
interrupted.
Link: http://www.cups.org/str.php?L3715
Version: 1.4.3
More information about the cups
mailing list