[redhat-lspp] Re: cups userspace -- trusted programs?
Michael C Thompson
thompsmc at us.ibm.com
Mon Jun 5 18:25:43 UTC 2006
Matt Anderson wrote:
> Michael C Thompson wrote:
>>>> Personally, I think these tools should generate messages since they
>>>> are a source for leaking information, and therefore should be
>>>> restricted to administrators.
>
> I don't think they should be considered a source for leaking
> information. The only thing I see isn't a leak so much as a (extremely
> low bandwidth) covert channel of "is the printer enabled or disabled?"
> Since the use of these programs is restricted, we're covered under
> no-evil-admin.
How are these restricted? Or rather, how are they supposed to be
restricted? I am able to cupsenable, cupsdisable, accept and reject my
printer as a non-root user under both permissive and enforcing modes.
>> Aside from what is *required*, I thought it would be a good thing to
>> log the queue/printer enable/disable. However, if cups is logging
>> that, I'm not sure it is worth being redundant in our logs.
>
> As long as LogLevel is set to info or higher you'll get a message in
> /var/log/cups/error_log like:
>
> [Timestamp] Printer 'foo' stopped by 'root'.
>
> I think I agree with you that its probably not worth being redundant,
> but if for someone finds a requirement for this to go to the audit log I
> don't see any issues around adding that.
>
> -matt
More information about the Linux-audit
mailing list