Mailinglist Archive: opensuse (1165 mails)

Re: [opensuse] Re: Should openSUSE review it's Security Policies?

Hello,

On Mar 1 12:18 Roger Oberholtzer wrote (excerpt):
> ... the root problem (pun intended) remains. What is
> needed is a general approach to these permissions.

If the use case is "printer setup on my own machine",
I think - but I am not at all a security expert - it should
be an acceptable solution when the normal user's password
and the root password are the same so that from the user's
point of view there is just one password i.e. THE password.

Then configuration changes could still require THE password
which is - from my point of view - sufficiently easy to use
and sufficiently secure because:

- The owner of the machine can do any configuration changes,
he only must provide THE password.

- The owner of the machine cannot do configuration changes
by accident because he must provide THE password.

- Arbitrary persons who get access to the machine cannot
do configuration changes (i.e. arbitrary persons cannot
hijack the machine when it is running unattended).

As far as I noticed what others wrote in this thread, this could
be even already the default when installing an openSUSE system.

If yes I wonder what the whole discussion is about?

Does anybody really want that arbitrary persons are allowed
by default to do configuration changes?

I assume nobody wants this.

Therefore I assume what is wanted is that not only one person
is allowed by default to do configuration changes but that
it is possible to allow particular other users (e.g. the
owner of the machine and his best friend) to do particular
configuration changes.

As far as I know this is currently not possible.

If this is wanted, a FATE feature request should help...

Hint:
https://features.opensuse.org/


> As to the printer things: isn't it mainly configuration file
> access that is the problem?

No.

Print queue related configuration files are written by the cupsd
which has the right permissions to deal with its own files.

Please see the documentation, in particular have a look at
"General information on the command-line tools" and
"Allow printer admin tasks for a normal user" at
http://en.opensuse.org/SDB:CUPS_in_a_Nutshell

Regarding CUPS policies, have a look at the YaST printer module.


By the way:

As far as I understand Vincent Untz' comment
https://bugzilla.novell.com/show_bug.cgi?id=749451#c3
this could be - from my point of view - a major security issue
when the Gnome desktop printer setup tool system-config-printer
does not work in compliance with the CUPS "Operation Policies"
but uses instead its own kind of "provide admin permissions"
tool cups-pk-helper.

Assume someone has set up his own computer and thinks it is
secure against configuration changes so that he can let
someone else work on his computer - but actually this other
person can change the print queues via the Gnome desktop
so that all (possibly confidential) print jobs print as usual
(so that the betrayal is not easily noticed) but additionally
it sends a copy of what is printed to an external destination.

I hope that by default this is currently not possible
but I think many ask for such a default.

And vice versa:
Assume someone has set up the CUPS operation policy
"allowallforanybody" so that anyone can do any printing stuff
but this does not work under the Gnome desktop because
the Gnome desktop printer stuff does not work in compliance
with the CUPS "Operation Policies".

I did not test if this is actually the case.

I only like to point out that it is in general a bad idea
when a desktop environment would do such stuff on its own.

Generally:
It is a very bad idea when whatever kind of higher-level programs
do not work in compliance with the underlying lower-level stuff.


Kind Regards
Johannes Meixner
--
SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany
HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer
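
The CUPS side of the check discussed in this message, as an added example that is not part of the original mail: a small parser that reads `<Policy>` sections in cupsd.conf syntax and lists the queue-changing operations to which no `Require` directive applies. The sample configuration, including the body of the `allowallforanybody` policy, is constructed, and the check does not see desktop helpers such as cups-pk-helper that grant admin permissions on their own.

```python
import re
# CUPS IPP operations that change queues (operation names as used in cupsd.conf).
ADMIN_OPS = {"CUPS-Add-Modify-Printer", "CUPS-Delete-Printer",
             "CUPS-Add-Modify-Class", "CUPS-Delete-Class", "CUPS-Set-Default"}

# Constructed sample; the body of "allowallforanybody" is an assumption.
SAMPLE_CONF = """\
<Policy default>
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
  </Limit>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
<Policy allowallforanybody>
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
"""

def _requires_auth(op, limits):
    # Assumption: a <Limit> naming the operation takes precedence over <Limit All>.
    match = [r for ops, r in limits if op in ops] or [r for ops, r in limits if "All" in ops]
    return bool(match) and match[0]

def unauthenticated_admin_ops(conf_text):
    """Map policy name -> admin operations with no Require directive applied."""
    findings, policy, limits, current = {}, None, [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"<Policy\s+([^>\s]+)\s*>$", line, re.I)
        if m:
            policy, limits = m.group(1), []
        elif policy and re.match(r"<Limit\s", line, re.I):
            current = [set(line[1:-1].split()[1:]), False]   # [operations, has Require]
        elif current and re.match(r"Require\s", line, re.I):
            current[1] = True
        elif current and line.lower() == "</limit>":
            limits.append(tuple(current))
            current = None
        elif policy and line.lower() == "</policy>":
            open_ops = [op for op in sorted(ADMIN_OPS) if not _requires_auth(op, limits)]
            if open_ops:
                findings[policy] = open_ops
            policy = None
    return findings
```

Calling `unauthenticated_admin_ops()` on the text of a cupsd.conf returns an empty dict when every policy places a `Require` on all five operations.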