Re: CUPS 1.2: /dev uris will not work (by design)

To: debian-user@lists.debian.org, Kenward Vaughan <kay_jay@earthlink.net>
Cc: debian-printing@lists.debian.org
Subject: Re: CUPS 1.2: /dev uris will not work (by design)
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Tue, 13 Jun 2006 10:47:11 -0300
Message-id: <[🔎] 20060613134711.GC31705@khazad-dum.debian.net>
In-reply-to: <[🔎] 20060612234207.GA24234@rei.moonkingdom.net>
References: <[🔎] 20060609173606.GA2787@nitpicking.com> <[🔎] 20060610033249.GB29085@khazad-dum.debian.net> <[🔎] 20060610052106.GA13780@hpotter.vaughan.home> <[🔎] 20060611221139.GY8467@rei.moonkingdom.net> <[🔎] 20060612234207.GA24234@rei.moonkingdom.net>

On Mon, 12 Jun 2006, Marc Wilson wrote:
> As usual, Debian's CUPS is broken by default.

As usual, *CUPS* is broken.  Debian's own packaging can (and often does)
make it worse, though.

> *Whyinhell* the maintainer would ask a question regarding browsing, but not
> actually *DO* anything to make it work, is beyond me.

Bug. Single overworked maintainer + overly-complex piece of software.
Maybe someone with a lot of free time and good knowledge on CUPS could step
up to help him?

> Note to maintainer: telling CUPS to advertise printers but setting up
> cupsd.conf to only allow connections from localhost doesn't exactly work
> too well.  Certainly neither my several OS X machines nor my Windows XP
> machine think much of that.

File this as a bug, severity normal or important.

> We won't even talk about why the web interface offers to let you edit
> cupsd.conf (to fix things, no doubt), but the package seems to set the
> permissions on that file to make it impossible.

This is another bug.  That part of the web interface should be clearly
labelled as "disabled" when CUPS cannot write to its files.  I don't think
we should bother waiting for upstream on this one.  It would be also nice to
add a medium-priority debconf question about changing permissions to allow
remote server-configuration admin through the web interface, while clearly
warning people off the danger:

The default would have to be "disabled", because it is a potential major
security hazard. CUPS cannot be trusted to change its own running
environment while running as root -- too complex, not audited at all, not
well regression-tested.  And I should add, I heard from CUPS upstream
themselves that CUPS 1.2 is supposed to be secured using something external
like SE-Linux, if one wants to add any "extra security" to it.  This worried
me a damn great deal, maybe for no good reason but still...

Since this hazard is currently defanged anyway, it is either a severity minor or
normal bug (it is not wishlist, as the interface is there but not working
and without any warnings of that happening).

Please file the bugs on the Debian BTS (using the reportbug tool), it will
be far more effective than complaining on a debian-user thread which I
wouldn't assume to be actively read by the maintainer (unlike, say,
debian-printing@l.d.o).

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: CUPS 1.2: /dev uris will not work (by design)
  - From: Roger Leigh <rleigh@whinlatter.ukfsn.org>

References:
- CUPS 1.2: doesn't actually print
  - From: Carl Fink <carl@finknetwork.com>
- CUPS 1.2: /dev uris will not work (by design)
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: CUPS 1.2: /dev uris will not work (by design)
  - From: Kenward Vaughan <kay_jay@earthlink.net>
- Re: CUPS 1.2: /dev uris will not work (by design)
  - From: Marc Wilson <msw@cox.net>
- Re: CUPS 1.2: /dev uris will not work (by design)
  - From: Marc Wilson <msw@cox.net>

Prev by Date: RE: Gnome xml parsing error & only allows one login
Next by Date: No Images in Mozilla
Previous by thread: Re: CUPS 1.2: /dev uris will not work (by design)
Next by thread: Re: CUPS 1.2: /dev uris will not work (by design)
Index(es):
- Date
- Thread