[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [redhat-lspp] Re: cups userspace -- trusted programs?



Matt Anderson wrote:
Michael C Thompson wrote:
Personally, I think these tools should generate messages since they are a source for leaking information, and therefore should be restricted to administrators.

I don't think they should be considered a source for leaking information. The only thing I see isn't a leak so much as a (extremely low bandwidth) covert channel of "is the printer enabled or disabled?" Since the use of these programs is restricted, we're covered under no-evil-admin.

How are these restricted? Or rather, how are they supposed to be restricted? I am able to cupsenable, cupsdisable, accept and reject my printer as a non-root user under both permissive and enforcing modes.

Aside from what is *required*, I thought it would be a good thing to log the queue/printer enable/disable. However, if cups is logging that, I'm not sure it is worth being redundant in our logs.

As long as LogLevel is set to info or higher you'll get a message in /var/log/cups/error_log like:

[Timestamp] Printer 'foo' stopped by 'root'.

I think I agree with you that its probably not worth being redundant, but if for someone finds a requirement for this to go to the audit log I don't see any issues around adding that.

-matt



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]