https://bugzilla.novell.com/show_bug.cgi?id=752454
https://bugzilla.novell.com/show_bug.cgi?id=752454#c26
--- Comment #26 from Johannes Meixner 2012-03-28 13:12:55 UTC ---
Proposal regarding "only install 'system-owned' drivers/PPDs":
Test if all official openSUSE printer driver software packages
(i.e. packages from official openSUSE respositories) are installed
and if not, offer a dialog to let normal users choose which to install.
Then install them as setuid-root background process. Afterwards
restrict normal users to use only PPDs below /usr/share/cups/model/.
Of course normal users can then not set up printers which
require a driver which is not provided by openSUSE.
E.g. HP printers which require a proprietary plugin
to be downloaded from HP and installed, see the output of
# lpinfo -m | grep 'proprietary'
By the way, regarding comment #22:
I do not understand why
"Not even allow them to install socket:// printers
only real hardware"?
For me a network printer is "real hardware".
What is the security issue with network printers?
If a network printer is directly accessible via TCP socket,
all normal users can send any data to it.
Therefore I do not see a security issue when the same
would be done as user "lp" via a print queue.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.