Bug#711848: cups-client: lp and lpr print the document on a wrong printer
Hi again Vincent,
Le lundi, 10 juin 2013 12.56:33, Vincent Lefevre a écrit :
> Well, this may be server dependent. I suspect a bug related to the
> authentication mechanism. When I do "lpq", authentication is not
> required, so that its output is OK. However some printers need
> authentication (the user's password). Perhaps lp and lpr ignore the
> default printer when it requires authentication, or something like
> that? The printer to which the files had been sent doesn't require
> a password.
>
> Note that the -P lpr option works as expected (and the password must
> be typed).
Thanks for the followup.
> > What are the access rights and contents of /etc/cups/lpoptions and
> > .cups/lpoptions ?
>
> ypig:~> cat /etc/cups/lpoptions
> cat: /etc/cups/lpoptions: No such file or directory
>
> ypig:~> cat .cups/lpoptions
> Dest lip-multi-3 ColorModel=Gray Resolution=1200dpi
> Default lipucb-mono-1
Can you provide the access rights of .cups/lpoptions?
$ ls -l ~/.cups/lpoptions
> > > CUPS 1.5.x didn't have such a problem.
> > >
> > > This is a big security problem when one wants to print documents
> > > with confidential information...
> >
> > Granted, that's a bug, but it doesn't fit my reading of "serious" [0],
> > it's at most important, hereby downgrading.
>
> I disagree. I see [0] as giving a non-exhaustive list of grave/critical
> problems. For instance, a bug that would make a mail server an open
> relay by default should also be seen as a grave/critical bug, even
> though such a problem isn't listed in [0]. It should include problems
> like private data disclosure.
It's fine for you to disagree, but the list [0] is considered as authoritative
on bugs severities. If you think this list should be changed, please start a
discussion on a proper forum; probably a bug on debian-policy as it's 1.1
chapter defines what bug corresponds to a "serious" severity, which is
completed by the Release Team's RC policy [1]. Under the current rules, this
bug doesn't fit the defintion of serious in my reading.
(Please also take a look at the Developers' Reference, §5.8.3, alinea 3 [2]).
Cheers,
OdyX
[0] http://www.debian.org/Bugs/Developer.en.html#severities
[1] http://release.debian.org/jessie/rc_policy.txt
[2] http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-
housekeeping
Reply to: