Security question [#58427]
Kurt Pfeifle
kpfeifle at danka.de
Wed May 14 15:55:21 CEST 2003
Michael Goffioul wrote:
> I'm looking for external opinions. See
>
> http://bugs.kde.org/show_bug.cgi?id=58427
>
> Thanks.
> Michael.
Sorry to be a bit late...
I am not sure if I fully understood everything.
* No idea why the CUPS server was "flooded". But there was a
bug in an older CUPS version that made this happen from *any*
client under certain circumstances.... I don't believe this
is a KDEPrint problem. A CUPS update would prove me right
or wrong on this assumption.
* I am not sure how the user "changed" user to arrive at
the problem he describes. Did he click "System Options...
--> CUPS Server --> (Server Information) --> Account
Information" ?
* Anyway, I don't think it is a security problem in and of
itself if switching to another user is possible. It is
rather a *feature*.
-- a security problem is, of course, if the password is
displayed in clear text on a window heading.
-- switching the user sometimes is *required* by certain
CUPS setups. Not supporting it in KDEPrint would make
it useless in these environments, and users would need
to use the CUPS commandline for printing.
-- if the user knows the other username/passwd combination
anyway, it is because he either is entitled to use it
or because he has acquired it by dirty means (or a
security hole) -- in both cases he can easily use other
means than kprinter to print jobs (or do worse things).
-- quotas are of no concern for the same reason. (And quotas
only make sense if you are using a minimal authentication
scheme on the CUPS server).
-- CUPS has several methods at its disposal for authentication.
One is "HTTP basic". This one does not encrypt passwords,
it only encodes them.
-- If CUPS uses "HTTP Digest", it is a separate password
repository ("lppasswd"), and therefore often also a separate
password from the normal system password. I think we should
make it easy to key in once and save and re-use that
password for KDEPrint -- just as it is implemented now.
So my plea is from a users' perspective: Don't remove that feature
(to log in as another user to the localhost or a remote CUPS server)
in KDEPrint! It is an important feature. (I admit that I don't
fully understand all the security implications...)
Cheers,
Kurt
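
The difference between "HTTP basic" and "HTTP Digest" mentioned in the message above, as an added example that is not part of the original post and is not CUPS or KDEPrint code: a Basic value decodes straight back to the password, while an RFC 2617 Digest response is computed from a stored MD5 of user:realm:password plus a server nonce. The user name, password, nonces, URI and the realm name "CUPS" are constructed sample values and assumptions.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user, password):
    """Build an HTTP Basic Authorization value (base64 of user:password)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def recover_from_basic(header):
    """Decode a Basic value back to (user, password); no key is involved."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization value")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def digest_ha1(user, realm, password):
    """The value a Digest password store keeps instead of the password.
    It is password-equivalent for that realm, so the store needs protecting."""
    return md5_hex(f"{user}:{realm}:{password}")


def digest_response(ha1, nonce, method, uri, nc=None, cnonce=None, qop=None):
    """RFC 2617 request-digest, with or without qop."""
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_accepts(stored_ha1, response, nonce, method, uri, **kw):
    """Server side: recompute from the stored HA1 and compare."""
    expected = digest_response(stored_ha1, nonce, method, uri, **kw)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed sample credentials and nonces, for illustration only.
    print(recover_from_basic(basic_header("alice", "print-pw")))
    ha1 = digest_ha1("alice", "CUPS", "print-pw")  # realm name is an assumption
    r = digest_response(ha1, "nonce-1", "POST", "/printers/lp")
    print(r, server_accepts(ha1, r, "nonce-1", "POST", "/printers/lp"))
```

A Digest response is bound to the nonce it was computed for, so the same response is rejected when the server issues a different nonce.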