Activating the CUPS snmp backend in Ubuntu Feisty
Martin Pitt
martin.pitt at ubuntu.com
Thu Mar 8 07:33:21 GMT 2007
Hi,
Kees Cook [2007-03-07 17:45 -0800]:
> On Wed, Mar 07, 2007 at 08:54:19AM -0800, Matt Zimmerman wrote:
> > I recommend that it be reviewed, with your proposal in mind, by Kees Cook
> > from the security team, if he has not already examined it.
>
> Martin, are you in favour of this on principle, or did you already
> examine the code?
The general design of snmp printer detection seems sane to me. It does
not involve huge network flooding, is only active when actually
detecting printers (not all the time), and it does not open ports. So
I am fine with the enabling; however, I didn't audit the code yet.
> My instinct would be that this is no less safe than trusting
> avahi-discovered devices, but I'd like to examine the code paths
> just in case.
Right, and these SNMP printers are not even 'spontaneously'
displayed/used, they just appear in the list of 'detected network
printers' when adding a printer, so the 'distinguish clearly' part of
our policy matches as well.
Thanks,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20070308/d3a1dc96/attachment.pgp
More information about the ubuntu-devel
mailing list