cupsys - enable browsing or not?

Matt Zimmerman mdz at ubuntu.com
Wed Apr 26 19:15:09 BST 2006


On Wed, Apr 26, 2006 at 07:35:57PM +0200, Ante Karamatić wrote:
> On Wed, 26 Apr 2006 10:00:50 -0700
> Matt Zimmerman <mdz at ubuntu.com> wrote:
> 
> > It exposes the user to a potential security risk by activating a
> > network service, and so it is appropriate to warn first.
> 
> Well, it doesn't accutally activate network service. That process
> doesn't serve anything to anyone. It works exactlly the same as
> dhclient.

In CUPS browsing, the client listens for messages and uses the information
they contain to add new printers to its configuration.  As far as I am
aware, these messages are entirely unauthenticated and may originate
anywhere.  It is an open service.

dhclient, in contrast, listens for responses from the server with which it
is interacting.  Packets which do not correspond to a transaction in
progress are dropped (though not quite as early as I'd like).  Forgery
requiires at least the ability to intercept the DHCP traffic on the LAN and
win a race.

-- 
 - mdz



More information about the ubuntu-devel mailing list