[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: Password checking API
From:       Malte Starostik <malte () kde ! org>
Date:       2001-10-03 12:13:35
[Download RAW message or body]

Am Wednesday 03 October 2001 10:28 schrieb Michael Goffioul:
> > It may just be me, but if CUPS is a centralized toolset, then knowing the
> > password of the user is fairly unlikely, just as unlikely as having the
> > account on the same machine you are on.  Wouldn't it be more likely that
> > you would have the controlling password for the CUPS server then the
> > account for the user whose job (not yours) you want to remove?  In
> > reality though, if the CUPS server is only checking the username than it
> > already has a security problem. There should be a check against the
> > requesting IP and the original user.
>
> You're right. Changing the username to root to remove someone else's job
> only makes sense if the CUPS server is on localhost, but this is a
> restriction that can be introduced on client side. As I understand how CUPS
> works, it's the client responsability to insure that the
> "requesting-user-name" is the right one. If you set it to root in your
> request when posting a job, the root is the owner of the job, even if
> you're not really root. This is the same when removing a job: the client
> has to set the username correctly to avoid introducing security hole.
> That's why I wanted an authentification mechanism: to authenticate the
> requested username before changing it. However this can only be done if
> the server runs on localhost.

Does this mean that cupsd allows anyone to spoof print jobs for any other user 
without giving a password??? In that case I wonder, why lprm keeps asking me 
for user name _and_ password everytime (somehow I need to enter "root" and 
the root password to remove jobs even if they are mine). That made me think 
the server authenticated me via that password. So, does only lprm check the 
pw and send a request to cupsd if it's correct?

Can one effectively do something to the effect of (I don't know IPP, so just a 
mockup protocol):

telnet printserver 631
<= CUPS server here, hi there
=> Malory here, user name is "root"
<= Hi, nice to meet you
=> Delete all jobs
<= Ok, done, bye

If that's the case, I know which packages will meet the fate of rpm -e ASAP.

 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic