https://bugzilla.novell.com/show_bug.cgi?id=752454 https://bugzilla.novell.com/show_bug.cgi?id=752454#c30 --- Comment #30 from Johannes Meixner <jsmeix@suse.com> 2012-03-29 07:26:20 UTC --- A malicious user on another host (where he has root permissions e.g. a malicious user who connects his own laptop to the network) can usually fake whatever server and service in the network. As far as I see the particular "fake network printer" security issue is the same as the general "print job phishing" security issue which I described in "What is Specific Regarding Firewall Setup for Printing" in http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings And - as far as I see - the "print job phishing" issue is the same as the general phishing security issue. When a user submits data into a network he must care whether or not he trusts this network. If he cannot trust the network he must not submit private or confidential data into this network - except he had set up in advance sufficient encryption and authentication stuff to ensure that only his intended recipient can decode his data (regardless that all others in those network could have also received his encrypted data). If he cannot trust the network he must not log in on arbitrary web interfaces which are "just accessible" for him. If he cannot trust the network he must not submit his private or confidential print jobs into arbitrary print queues which are "just accessible" for him. If he cannot trust the network he must not set up print queues for network printers which are "just accessible" for him. Therefore I think it does not provide real better security to forbid only one "possibly phishing" case to set up print queues where the connection happens via network (i.e. with DeviceURIs like socket:/ lpd:/ smb:/ ipp:/ hp:/net/ ...). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.