Activating the CUPS snmp backend in Ubuntu Feisty

Matt Zimmerman mdz at ubuntu.com
Wed Mar 7 16:54:19 UTC 2007


I recommend that it be reviewed, with your proposal in mind, by Kees Cook
from the security team, if he has not already examined it.

On Mon, Feb 26, 2007 at 11:33:31PM +0000, Till Kamppeter wrote:
> Hi,
> 
> on the IRC I talked with pitti about activating the CUPS backends which
> were de-activated by Debian by moving them into
> /usr/lib/cups/backend-available. The three de-activated backends are
> serial, scsi and snmp.
> 
> Most important is snmp, as it makes it much easier for inexperienced
> users (our main audience) to set up network printers.
> 
> The CUPS backend snmp serves only for auto-detecting network-connected
> printers in the local networks. It is called whenever CUPS is asked to
> detect printers (via "lpinfo -v", entering the admin page or adding a
> queue with the CUPS web interface, or adding a queue with most other
> printer setup tools, like gnome-cups-manager, KDE Print Manager, or
> printerdrake). It returns all detected network printers with their
> correct URIs (using the ipp, lpd, or socket backends for printing). So
> the user has only to click the auto-detection result and gets his
> network printer running.
> 
> The detection is done by an SNMP broadcast asking for the printer MIB.
> This is only answered by printers and so only printers and not other
> SNMP-capable devices (like routers) get listed. This method is also very
> fast. The result appears in 3 or 4 seconds, even in big networks. No
> ping or portscan to unknown devices is performed and also no extra
> daemon is started and no ports get opened. snmp runs only the mentioned
> 3 or 4 seconds and it runs as the cupsys user and not as root (no SUID).
> So the impact to the system and the network is low. There are also no
> broadcasts into the internet with the default configuration of the snmp
> backend.
> 
> Issues which users have reported with problems of correctly detecting
> printers of certain brands are fixed by Mike Sweet. So the backend is
> currently in a very good shape.
> 
> It is also only needed for detecting printers, printing on the detected
> printers is then done with the ipp, socket, or lpd backends, so the snmp
> backend only gets invoked by printer admins to add a queue and never by
> normal users. So security risks are very low and "printing just works"
> experience is very high with it.
> 
> Pitti is, like me, in favour of activating it, but I also post here 
> because in a certain form this is adding a feature after feature freeze.
> So I want to know what is the general opinion about activating the CUPS 
> snmp backend (and perhaps also the serial and scsi backends)?
> 
> For testing do
> 
> sudo ln /usr/lib/cups/backend-available/snmp /usr/lib/cups/backend/
> sudo ln /usr/lib/cups/backend-available/serial /usr/lib/cups/backend/
> sudo ln /usr/lib/cups/backend-available/scsi /usr/lib/cups/backend/
> 
> and then run the printer setup tools which are available on your 
> machine. Set up the printers which are detected now and try to print on 
> them via the new print queues.
> 
> For the implementation in Feisty the cupsys package only needs to create 
> the above-mentioned links. No extra space on the CD is needed. Local 
> admins can de-activate these backends again by removing the links, so no 
> files need to be deleted or moved.
> 
>     Till
> 
> 
> -- 
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

-- 
 - mdz
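
An added example, not part of the original thread or of the cupsys package: a shell check an admin could run after the `ln` step quoted above to see which of the three optional backends are active, whether each active one is the packaged file from `backend-available`, and whether any carries a setuid bit. The function names and status words are hypothetical; the default directories are the ones named in the message.

```shell
#!/bin/sh
# Added example: audit the optional CUPS backends (snmp, serial, scsi).
# Directory defaults are the paths named in the message; both can be
# overridden so the functions can be exercised on a scratch tree.

# backend_status NAME [ACTIVE_DIR] [AVAILABLE_DIR]
# Prints: missing | inactive | active-linked | active-foreign,
# with " setuid" appended when the active file has the setuid bit set.
backend_status() {
    name=$1
    active=${2:-/usr/lib/cups/backend}/$name
    avail=${3:-/usr/lib/cups/backend-available}/$name

    if [ ! -e "$active" ]; then
        # Not in the active directory: either parked or not installed.
        if [ -e "$avail" ]; then echo inactive; else echo missing; fi
        return 0
    fi
    # -ef is true when both paths refer to the same file (hard link or
    # symlink), i.e. the active backend is the packaged one.
    if [ "$active" -ef "$avail" ]; then
        state=active-linked
    else
        state=active-foreign
    fi
    # The message says the backend runs without SUID; flag any exception.
    if [ -u "$active" ]; then state="$state setuid"; fi
    echo "$state"
}

# audit_backends [ACTIVE_DIR] [AVAILABLE_DIR]
# Prints one line per backend; returns 1 if any active backend is not
# the packaged file or is setuid, 0 otherwise.
audit_backends() {
    rc=0
    for b in snmp serial scsi; do
        st=$(backend_status "$b" "$@")
        printf '%-7s %s\n' "$b" "$st"
        case $st in
            *foreign*|*setuid*) rc=1 ;;
        esac
    done
    return $rc
}
```

Calling `audit_backends` with no arguments checks the system paths; removing a link from the active directory, as the message describes, turns that backend's line back to `inactive`.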
