Sat, 19.03.2005 at 15.49, Paul Iadonisi wrote:
> On Sat, 2005-03-19 at 15:20 +0100, Kyrre Ness Sjobak wrote:
> > [snip]
> >
> > or print to a
> > remote machine called "localhost" - that's effectively a forkbomb...
>
> Ewe! That sounds like an insanely simple exploit. Anyone want to
> confirm this? If it's that easy, I'd call it a bug.

I tried reporting it, but it was closed as a "configuration error".

Oh dear, having somebody walk up to your (wireless) network, connecting a laptop with hostname "localhost" sharing a printer, and pressing print on one of the connected public terminals (which, just to make it funny, are thin clients).

What effectively happens is that the terminal sends the job to localhost - i.e. itself, which sends the job to localhost, which sends the job to localhost. I also guess they are all waiting for some confirmation "yup, printing finished" etc. Guess what happens to /var/spool/cups...

Personally, I would suggest that cups should do some kind of sanity checking on the hostnames it receives - such as "do they map to the same host (IP) that sent the broadcast package? If not, just use the IP and screw the hostname - at least internally in CUPS."

But if it *shows* a "trusted" printserver name (such as "TopSecretPrinter@Securehost"), but really sends it to "PostscriptDumpPassthrough@SpyHost" (SpyHost claiming it is Securehost, cups sees it, guesses it is a misconfig - and ignores, sending to SpyHost), things could get really interesting...

Kyrre Ness Sjøbæk
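
The hostname sanity check suggested in the message above, as an added example that is not part of the original post and is not CUPS code. The names `pin_advert`, `dns_lookup` and `SAMPLE_DNS`, the `ipp://` form of the advertised URI, and all addresses and hostnames are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def dns_lookup(host):
    """Addresses the local resolver returns for host (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return set()
    return {ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos}


def pin_advert(sender_ip, advertised_uri, lookup=dns_lookup):
    """Return (uri_to_use, hostname_verified) for one printer advertisement.

    sender_ip is the source address of the broadcast packet. The hostname in
    advertised_uri is kept only if it maps back to that address; otherwise
    the URI is rewritten to the sender's IP, so the job is never sent to
    whatever the name happens to resolve to locally (e.g. "localhost").
    """
    sender = ipaddress.ip_address(sender_ip)
    parts = urlsplit(advertised_uri)
    host = parts.hostname or ""
    try:
        claimed = {ipaddress.ip_address(host)}  # URI already holds a literal IP
    except ValueError:
        claimed = lookup(host) if host else set()
    if sender in claimed:
        return advertised_uri, True
    netloc = f"[{sender}]" if sender.version == 6 else str(sender)
    if parts.port is not None:
        netloc += f":{parts.port}"
    return parts._replace(netloc=netloc).geturl(), False


# Constructed sample data: documentation addresses and made-up hostnames.
SAMPLE_DNS = {
    "localhost": {ipaddress.ip_address("127.0.0.1")},
    "securehost.example": {ipaddress.ip_address("192.0.2.20")},
}

if __name__ == "__main__":
    fake = lambda h: SAMPLE_DNS.get(h, set())
    for src, uri in [("192.0.2.20", "ipp://securehost.example:631/printers/lp"),
                     ("192.0.2.7", "ipp://localhost:631/printers/lp"),
                     ("192.0.2.7", "ipp://securehost.example:631/printers/lp")]:
        print(src, uri, "->", pin_advert(src, uri, lookup=fake))
```

The second return value tells the caller that the advertised name did not match its sender, so the name shown to the user can be flagged or replaced instead of silently differing from where the job actually goes.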