https://bugzilla.novell.com/show_bug.cgi?id=752454

https://bugzilla.novell.com/show_bug.cgi?id=752454#c0

           Summary: AUDIT: need cups & cups-pk-helper audit to allow change in
                    cups-pk-helper policies
    Classification: openSUSE
           Product: openSUSE 12.2
           Version: Factory
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Printing
        AssignedTo: jsmeix@suse.com
        ReportedBy: vuntz@suse.com
         QAContact: jsmeix@suse.com
                CC: lnussel@suse.com, aj@suse.com
            Blocks: 749451
          Found By: ---
           Blocker: ---

To allow changing the cups-pk-helper policies, we need a new audit. Currently,
all policies are auth_admin_keep. We'd like to relax some of those.

Fixing this will result in fixing bug 749451.

The result will likely affect the decisions taken upstream, see
https://bugs.freedesktop.org/show_bug.cgi?id=46943

==================================================
1. org.opensuse.cupspkhelper.mechanism.devices-get
==================================================

This gets a list of available devices; internally, this uses cupsGetDevices().

=> We'd like to change this policy to "yes".

Here's some preliminary analysis I did:

===
I don't know cups code in detail, but a quick look tells me that this runs
/usr/lib/cups/daemon/cups-deviced. This small utility will then run all
binaries in /usr/lib/cups/backend/ with no argument and analyze their output.

On my system, I have those ones in /usr/lib/cups/backend/:

-rwxr-xr-x 1 root root  7250 16 févr. 15:18 beh
-rwxr-xr-x 1 root root 18088  3 mars  16:19 hp
lrwxrwxrwx 1 root root     3  8 mars  18:21 http -> ipp
lrwxrwxrwx 1 root root     3  8 mars  18:21 https -> ipp
-rwx------ 1 root root 59456  3 mars  15:48 ipp
lrwxrwxrwx 1 root root     3  8 mars  18:21 ipps -> ipp
-rwx------ 1 root root 38780  3 mars  15:48 lpd
-r-xr-xr-x 1 root root 30540  3 mars  15:48 parallel
-r-xr-xr-x 1 root root 30532  3 mars  15:48 serial
lrwxrwxrwx 1 root root    17 12 mars  15:18 smb -> /usr/bin/smbspool
-r-xr-xr-x 1 root root 22292  3 mars  15:48 snmp
-r-xr-xr-x 1 root root 30528  3 mars  15:48 socket
-r-xr-xr-x 1 root root 30532  3 mars  15:48 usb

I haven't read the code of all of those, but:

 - http/https/ipp/ipps: doesn't do anything with no argument (just printf)
 - lpd: same, just printf
 - parallel: calls a list_devices() function, that opens files in /dev
   (/dev/parallel/{0,1,2,3}, /dev/printers/{0,1,2,3}, /dev/lp{0,1,2,3}) to get
   some information about the device ID
 - serial: calls a list_devices() function, that opens files in /dev
   (/dev/ttyS*, /dev/ttyUSB*, /dev/ttyQ*e* -- it's not really "*", see the
   code), just to see if the open() works
 - socket: doesn't do anything with no argument (just printf)

The snmp binary seems to do something based on a configuration file; for the
usb binary, I'm unsure which source file is being used...
===

==========================================================
2. org.opensuse.cupspkhelper.mechanism.printer-set-default
==========================================================

This just changes the default printer. This can easily be reverted.

=> We'd like to change this policy to "yes".

=====================================================
3. org.opensuse.cupspkhelper.mechanism.printer-enable
=====================================================

This enables/disables a printer. This can easily be reverted.

=> We'd like to change this policy to "yes".

==========================================================
4. All of:
   org.opensuse.cupspkhelper.mechanism.printer-local-edit
   org.opensuse.cupspkhelper.mechanism.printer-remote-edit
   org.opensuse.cupspkhelper.mechanism.class-edit
==========================================================

Those can involve uploading a PPD file to CUPS, so we need to have some
authentication to prevent this happening without the user being aware of the
change. However, I don't think it's useful to assume the user will be
malicious, so authentication from the user is enough, I'd say.

I'd like to move this to auth_self_keep, but Ludwig points out that we don't
want to use such a policy.

If the PPD file is the only use that causes the use of auth_admin_keep, then we
could add some polkit actions, so that auth_admin_keep is used when a PPD file
is involved, and yes is used in other cases.

To know what can be done, Ludwig mentioned the code needs to be audited.

=> Find during the audit what we can do to improve things here.

===============================================
5. org.opensuse.cupspkhelper.mechanism.all-edit
===============================================

This is a "meta" action. So it needs to be set to the most restrictive value
between devices-get, printer-set-default, printer-enable, printer-local-edit,
printer-remote-edit, class-edit and job-edit.

=> We'd like to change this policy to whatever we decide in 4.
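
The rule in item 5, that all-edit must be at least as restrictive as every action it covers, can be checked mechanically against a polkit .policy file. The following is an added example, not part of the bug report or of cups-pk-helper; the restrictiveness ranking, the treatment of missing elements, the sample policy and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

PREFIX = "org.opensuse.cupspkhelper.mechanism."
# Assumed ranking, most permissive first; the report does not define one.
RANK = ["yes", "auth_self_keep", "auth_self", "auth_admin_keep", "auth_admin", "no"]
# Actions the report says all-edit has to cover.
COVERED = ["devices-get", "printer-set-default", "printer-enable",
           "printer-local-edit", "printer-remote-edit", "class-edit", "job-edit"]
SCOPES = ("allow_any", "allow_inactive", "allow_active")


def sample_policy(all_edit="auth_admin_keep"):
    """Constructed policy: items 1-3 relaxed to "yes", the rest unchanged."""
    values = dict.fromkeys(COVERED, "auth_admin_keep")
    values.update({"devices-get": "yes", "printer-set-default": "yes",
                   "printer-enable": "yes", "all-edit": all_edit})
    actions = "".join(
        f'<action id="{PREFIX}{name}"><defaults>'
        + "".join(f"<{s}>{v}</{s}>" for s in SCOPES)
        + "</defaults></action>"
        for name, v in values.items())
    return f"<policyconfig>{actions}</policyconfig>"


def load_defaults(xml_text):
    """Map action id -> {scope: value} from a polkit .policy document."""
    out = {}
    for action in ET.fromstring(xml_text).iter("action"):
        defaults = action.find("defaults")
        # Assumption: a missing element is treated as "no" (fail closed).
        out[action.get("id")] = {
            s: (defaults.findtext(s, "no") if defaults is not None else "no").strip()
            for s in SCOPES}
    return out


def check_meta(xml_text):
    """Return (scope, required, actual) tuples where all-edit is too permissive."""
    defaults = load_defaults(xml_text)
    meta = defaults[PREFIX + "all-edit"]
    problems = []
    for scope in SCOPES:
        required = max((defaults[PREFIX + n][scope] for n in COVERED
                        if PREFIX + n in defaults), key=RANK.index)
        if RANK.index(meta[scope]) < RANK.index(required):
            problems.append((scope, required, meta[scope]))
    return problems


if __name__ == "__main__":
    print(check_meta(sample_policy("yes")))
```
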