Security question [#58427]
Maf. King
maf at chilwell.net
Wed May 14 13:27:54 CEST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 14 May 2003 09:35, Michael Goffioul wrote:
> I'm looking for external opinions. See
>
> http://bugs.kde.org/show_bug.cgi?id=58427
>
> Thanks.
> Michael.
I am just a small office admin, and have used several flavours of Linux for
about 3 years, and in no way consider myself a guru for security issues.
(but I always try to learn A Better Way Of Doing Things <G>)
But IMHO:
So long as passwords to the cups server are not sent in the clear (I must
check my cups-servers...), I tend to agree with the poster of the bug
report - it is a useful feature. If a user knows another username/password
pair, then bypassing the quotas wouldn't be too hard - eg scp the raw
postscript to the print server, and then ssh in as the second user and
print from the command line... even just ssh into localhost as the new
user, X-forward kprinter from user2 to user1's X-display...
the key to a quotas and user-based ACLs is good user password security,
whether a handy gui box is there to give the user the option or not.
I can also see the situation where a given user has a different user name on
a remote print server - eg branch office, and this would be a very useful
feature.
Maybe allowing users to print as other users from kprinter is something that
can be put into the KDE kiosk framework?
just 2 cents.
Maf.
- --
Maf. King
PGP Key fingerprint = 8D68 A91F 733B 2C1F 43B7 2B7C E591 E8E1 0DE7 C542
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+wihA5ZHo4Q3nxUIRAgurAKCQjAX/00+0gd96X9m8QK2vzZzFJwCg7Eny
lZdh8U65H8t6RBfAO/JbtTQ=
=0jG9
-----END PGP SIGNATURE-----
More information about the kde-print
mailing list