[cups.general] Possibly insecure default LogFilePerm value 0644

Johannes Meixner jsmeix at suse.de
Tue Jul 12 03:22:54 PDT 2011


Hello,

the CUPS 1.4.6 "configure --help" reads:
-----------------------------------------------------------------------
--with-config-file-perm set default ConfigFilePerm value, default=0640
--with-log-file-perm    set default LogFilePerm value, default=0644
-----------------------------------------------------------------------

I wonder whether world-readable log files might be insecure
as the logs might contain sensitive data and in general
the logs are probably not useful for normal users.

I see that user names and passwords are removed from device URIs
like smb://username:password@server/share in /var/log/cups/error_log
but arbitrary filters and backends could log arbitrary sensitive
data nevertheless so that a default LogFilePerm value 0640
should be better to be by default on the safe side.

On the other hand I assume there is a reason why the log files should
be world-readable but I don't know it (my search for "LogFilePerm" on
http://www.cups.org/newsgroups.php did not result in anything).

Perhaps /var/log/cups/page_log could be world-readable so that accounting
software run by normal users could evaluate it to show normal users their
current accounting state but then any normal user would be allowed
to read all the accounting information for all other users.


By the way, I found two bugs in the documentation:

There is a typo in the documentation regarding LogFilePerm
http://www.cups.org/documentation.php/doc-1.5/ref-cupsd-conf.html
--------------------------------------------------------------------------
The LogFilePerm directive specifies the permissions to use when writing
configuration files. 
--------------------------------------------------------------------------
should probably be
--------------------------------------------------------------------------
The LogFilePerm directive specifies the permissions to use when writing
log files.
--------------------------------------------------------------------------

There is missing information regarding ConfigFilePerm in
http://www.cups.org/documentation.php/doc-1.5/ref-cupsd-conf.html
--------------------------------------------------------------------------
The ConfigFilePerm directive specifies the permissions to use when writing
configuration files.
--------------------------------------------------------------------------
should be enhanced with something like
--------------------------------------------------------------------------
The ConfigFilePerm directive specifies the permissions to use when writing
configuration files like cupsd.conf, config files uploaded via HTTP PUT
requests, the remote.cache file, the subscriptions.conf file,
and the job.cache file but except classes.conf and printers.conf files
because of potential security issues.
--------------------------------------------------------------------------
according to
http://www.cups.org/newsgroups.php?s1+gcups.general+v2+T0+Qfileperm


Kind Regards
Johannes Meixner
-- 
SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany
HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer
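
An added example, not part of the original post and not CUPS code: a small audit that reports which LogFilePerm value a cupsd.conf puts into effect and which files in a log directory grant access beyond the 0640 proposed above. The function names are hypothetical, the 0644 fallback is the build default quoted from "configure --help", and "last occurrence of the directive wins" is an assumption.

```python
import os
import re
import stat

BUILD_DEFAULT = 0o644  # default LogFilePerm per the quoted "configure --help"
SUGGESTED = 0o640      # value proposed in the post


def effective_log_file_perm(conf_text, default=BUILD_DEFAULT):
    """Return the LogFilePerm in effect for the given cupsd.conf text.

    Assumption: the last occurrence of the directive wins; if the
    directive is absent, the build default applies.
    """
    mode = default
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"(?i)LogFilePerm\s+([0-7]{3,4})$", line)
        if m:
            mode = int(m.group(1), 8)
    return mode


def excess_bits(mode, allowed=SUGGESTED):
    """Permission bits set in mode that the allowed mode does not grant."""
    return mode & 0o777 & ~allowed


def audit_logs(log_dir, allowed=SUGGESTED):
    """Map file name -> octal mode for regular files more permissive than allowed."""
    findings = {}
    for name in sorted(os.listdir(log_dir)):
        st = os.lstat(os.path.join(log_dir, name))
        if stat.S_ISREG(st.st_mode) and excess_bits(st.st_mode, allowed):
            findings[name] = format(stat.S_IMODE(st.st_mode), "04o")
    return findings


if __name__ == "__main__":
    import sys
    conf_path, log_dir = sys.argv[1], sys.argv[2]  # paths supplied by the caller
    with open(conf_path) as fh:
        mode = effective_log_file_perm(fh.read())
    print("LogFilePerm in effect: %04o" % mode)
    if excess_bits(mode):
        print("  grants access beyond %04o" % SUGGESTED)
    for name, found in audit_logs(log_dir).items():
        print("%s is mode %s" % (os.path.join(log_dir, name), found))
```

Changing LogFilePerm only affects files written afterwards, so files already present in the log directory need their mode checked separately, which is what `audit_logs` does.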




