Re: When is pappl going to be good enough to replace cups?

Solomon Peachy wrote:
> Those that do appear show up as "queuename at host" or 
> "mfg_model_hostname"

I can trust that they always contain either the string " at " or two
underscores? Or is that just what well-behaved printers do, while an
attacker can name their fake printer however they want?

> (for native IPP printers, there's usually a partial 
> MAC address in there by default too)

Security has no use for "usually".

> Queues you create 
> manually/permanently can be called whatever you want and point wherever 
> you want.

So if I see a print queue whose name contains neither the word "at" nor
any underscores, is that a guarantee that it's a manually configured
queue? In that case I may be able to keep my configured queue and know
that I'm sending to my USB printer (or, I guess, redo the configuration
when I'm forced to wrap a web server around the USB printer). But the
existence of two different naming schemes makes me suspect that there
is no such guarantee.

I thought for a while that I could configure an unguessable queue name
to let me distinguish between my own print queue and the attacker's, but
that won't work. A DNS rebinding attack would let the attacker read the
queue name from CUPS' web interface, so I can't rely on the queue name
being secret.

> CUPS's auto-discovery mechanisms have _always_ assumed the 
> local network can be trusted.

You mean CUPS _already_ allows an attacker on the local link to
impersonate my USB printer, even before it starts wrapping web servers
around USB printers? That's disappointing, but at this point I'm quite
ready to believe it.

> Sure, someone could be spoofing a specific printer name/identifier just 
> so they can capture a document *you* want to print, but if there's that 
> level of persistent hostile presence on your local network, you're 
> already completely screwed.

I would be if I used insecure protocols on that network – but I
stopped using Telnet, SMB and FTP at home decades ago.

Björn Persson
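The DNS rebinding concern raised above is worth making concrete from the defender's side. A rebinding attack only succeeds if the local web service answers a request whose Host header names the attacker's domain (the browser resolved that domain to a local address). The usual mitigation is a Host-header allowlist. The following is an added illustration, not code from CUPS, PAPPL or this thread; the allowed names and addresses (`printer.local`, `192.0.2.10`) and the sample requests are constructed for the example.

```python
"""Host-header allowlist check, the standard defence against DNS rebinding.

Added example; not CUPS or PAPPL code. A service that only serves requests
whose Host header names itself (an allowlisted hostname or one of the
addresses it is actually bound to) will refuse a request that arrived via
a rebound attacker-controlled name, even though the TCP connection came
from a browser on the trusted machine.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist for the example: names the service answers to,
# and the literal addresses it is bound on.
ALLOWED_NAMES = frozenset({"localhost", "printer.local"})
ALLOWED_ADDRS = frozenset({
    ipaddress.ip_address("127.0.0.1"),
    ipaddress.ip_address("::1"),
    ipaddress.ip_address("192.0.2.10"),  # documentation-range address, constructed
})
SERVICE_PORT = 631  # IPP's registered port, used here only as the expected port


def parse_host_header(value):
    """Return (hostname, port) from a Host header value, or None if malformed.

    urlsplit handles bracketed IPv6 literals and rejects non-numeric ports
    for us; hostname is already lowercased by urlsplit.
    """
    try:
        parts = urlsplit("//" + value)
        if parts.hostname is None:
            return None
        return parts.hostname, parts.port  # .port raises ValueError if junk
    except ValueError:
        return None


def is_trusted_host(value, names=ALLOWED_NAMES, addrs=ALLOWED_ADDRS, port=SERVICE_PORT):
    """True only if the Host header names this service (name or address) on its port."""
    parsed = parse_host_header(value)
    if parsed is None:
        return False
    name, hdr_port = parsed
    if hdr_port is not None and hdr_port != port:
        return False
    try:
        addr = ipaddress.ip_address(name)
    except ValueError:
        # Not an IP literal: must be one of the names we answer to.
        return name.lower() in names
    return addr in addrs


def triage_requests(requests):
    """Return the Host values that would be rejected from a list of request dicts.

    Each request is {"host": ..., "path": ...}; a missing Host header is
    treated as untrusted, since HTTP/1.1 requires one.
    """
    rejected = []
    for req in requests:
        host = req.get("host", "")
        if not is_trusted_host(host):
            rejected.append(host)
    return rejected


if __name__ == "__main__":
    # Constructed sample requests: a legitimate local-UI visit, an IPv6
    # loopback visit, and a request carrying a rebound attacker name.
    sample = [
        {"host": "localhost:631", "path": "/admin"},
        {"host": "[::1]:631", "path": "/printers/"},
        {"host": "evil.example.com:631", "path": "/printers/"},
        {"host": "printer.local:8080", "path": "/"},
    ]
    for host in triage_requests(sample):
        print("reject:", host or "<missing Host>")
```

The check belongs before any response body is generated, including redirects and error pages, because a rebinding attacker only needs the response text. Comparing against literal bound addresses rather than "any private address" keeps the allowlist tight: a rebound name resolving to the service's own address still fails, because the Host header carries the attacker's name, not the address.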

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx