tir, 16.11.2004 kl. 00.14 skrev Colin Walters: > On Mon, 2004-11-15 at 18:06 -0500, Havoc Pennington wrote: > > On Mon, 2004-11-15 at 22:40 +0100, Kyrre Ness Sjobak wrote: > > > > > > I *think* most people would be very, very angry if you killed their > > > ability to print... > > > > > > > Of course, we shouldn't need a cups daemon for client-only machines in > > many cases > > Well, right now the CUPS server is also used to pick up IPP broadcasts. > It would be nice to have an IPP notification only daemon for security > reasons too though. > When you mention security: Try this: Hook a computer which shares a printer up to a network. Make sure the host is named "localhost". Cups will now broadcast that "localhost" is sharing printer "Überprinter3" Now log in at another machine, and try to *print* to that printer. Make sure you DO have root access to the machine - you will have to stop cups and clear out its spool catalog. What happens is that cups don't do any sanity checks on the recieved broadcasts - if it recives a broadcast from "192.168.0.5" saying that "localhost" is sharing "überprinter 3" it just stores that - no sanity checks such as trying to look up the hostname and seeing that it does resolve corectly. So it sends the job to itself, which is recived, sent to itself und zu weiter... -- Fedora-desktop-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-desktop-list
