[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [redhat-lspp] Initial CUPS auditing patch



Matt Anderson wrote:
Janak,

Thanks for the feedback.

Janak Desai wrote:

Is it possible to make the message a little more explanatory? That is, what does it mean when the ClassifyOverride flas is set or unset?


How about something like:

CUPS Config: ClassifyOverride is enabled, users can override print banners

CUPS Config: ClassifyOverride is disabled, users cannot override print banners


That works for me, however, as Steve pointed out, there are other issues (std format, searchability) that may dictate what the text looks like so lets punt on this for now.


+#ifdef WITH_AUDIT
+ audit_log(AuditLog, AUDIT_USER, "CUPS Job #%d: being printed on \"%s\" with label \"%s\"",
+ id, printer->name, mls_label);
+#endif /* WITH_AUDIT */



This audit record is created when the job is submitted. Is it possible that
on the filter side, the CLASSIFICATION environment variable can be
changed/overridden/deleted in such a way that affects the actual labels
that come out on pages?


That record is actually getting created in StartJob just before the exec of the filter. Theoretically the filter could ignore the environment variable, but I don't believe it could get deleted or changed. Putting the audit record in the filter wouldn't help that anyway since the same malicious filter that is ignoring the environment variable could just as easily audit a fake label.

Unless a clear need arises I'd like to keep this record in cupsd since the cups architecture is such that filters are supposed to be drop-ins. If we can avoid patching the filters it will make the patch that much more maintainable.


Ok, sounds good.

-Janak


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]