[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [redhat-lspp] Re: cups userspace -- trusted programs?
- From: Matt Anderson <mra hp com>
- To: Michael C Thompson <thompsmc us ibm com>
- Cc: redhat-lspp redhat com, Steve Grubb <sgrubb redhat com>, Linda Knippers <linda knippers hp com>, Linux Audit <linux-audit redhat com>
- Subject: Re: [redhat-lspp] Re: cups userspace -- trusted programs?
- Date: Mon, 05 Jun 2006 14:10:57 -0400
Michael C Thompson wrote:
Personally, I think these tools should generate messages since they
are a source for leaking information, and therefore should be
restricted to administrators.
I don't think they should be considered a source for leaking
information. The only thing I see isn't a leak so much as a (extremely
low bandwidth) covert channel of "is the printer enabled or disabled?"
Since the use of these programs is restricted, we're covered under
no-evil-admin.
Aside from what is *required*, I thought it would be a good thing to log
the queue/printer enable/disable. However, if cups is logging that, I'm
not sure it is worth being redundant in our logs.
As long as LogLevel is set to info or higher you'll get a message in
/var/log/cups/error_log like:
[Timestamp] Printer 'foo' stopped by 'root'.
I think I agree with you that its probably not worth being redundant,
but if for someone finds a requirement for this to go to the audit log I
don't see any issues around adding that.
-matt
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]