https://bugzilla.novell.com/show_bug.cgi?id=752454
https://bugzilla.novell.com/show_bug.cgi?id=752454#c30
--- Comment #30 from Johannes Meixner 2012-03-29 07:26:20 UTC ---
A malicious user on another host (where he has root permissions,
e.g. a malicious user who connects his own laptop to the network)
can usually fake whatever server and service in the network.
As far as I see the particular "fake network printer" security issue
is the same as the general "print job phishing" security issue
which I described in
"What is Specific Regarding Firewall Setup for Printing" in
http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
And - as far as I see - the "print job phishing" issue
is the same as the general phishing security issue.
When a user submits data into a network he must care
whether or not he trusts this network.
If he cannot trust the network he must not submit
private or confidential data into this network - unless he has
set up in advance sufficient encryption and authentication stuff
to ensure that only his intended recipient can decode his data
(regardless that all others in that network could also have
received his encrypted data).
If he cannot trust the network he must not log in on arbitrary
web interfaces which are "just accessible" for him.
If he cannot trust the network he must not submit his
private or confidential print jobs into arbitrary
print queues which are "just accessible" for him.
If he cannot trust the network he must not set up print queues
for network printers which are "just accessible" for him.
Therefore I think it does not provide really better security
to forbid only one "possibly phishing" case to set up print
queues where the connection happens via network (i.e. with
DeviceURIs like socket:/ lpd:/ smb:/ ipp:/ hp:/net/ ...).