[Pkg-cups-devel] Bug#289886: marked as done (cupsys: cupsd listens on non-local interfaces by default)

Debian Bug Tracking System owner at bugs.debian.org
Sun Dec 18 03:18:04 UTC 2005


Your message dated Sun, 18 Dec 2005 12:12:46 +0900
with message-id <20051218031247.17141222F44 at mail.topstudio.co.jp>
and subject line Bug#289886: cupsys: cupsd listens on non-local interfaces by default
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Jan 2005 16:11:08 +0000
Content-Type: multipart/mixed; boundary="===============0954601723=="
MIME-Version: 1.0
From: Lucas Bergman <lucas at bergmans.us>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: cupsys: cupsd listens on non-local interfaces by default
X-Mailer: reportbug 3.5
Date: Tue, 11 Jan 2005 10:11:05 -0600
Message-Id: <20050111161105.E67B14F0011 at laptop.bergmans.us>

This is a multi-part MIME message sent by reportbug.

--===============0954601723==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: cupsys
Version: 1.1.23-1
Severity: normal
Tags: patch

From the default cupsd.conf, cupsd listens on all IP interfaces
on port 631 by default.  This seems to violate the rule of minimal
exposure, parading CUPS before the network by default.  A (silly)
patch to cupsd.conf is attached that tells cupsd to listen only on
127.0.0.1, port 631.  FWIW, this is the default on many systems,
including Mac OS X.

Considerations: First, it might be appropriate to have a debconf item
that asks whether one wants one's printers "shared" over the network,
with a warning that it increases the surface of one's computer
exposed to security bugs in CUPS.  Second, will this break any of
the CUPS-configuring GUIs out there?  I admittedly know nothing about
any of them.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.9
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages cupsys depends on:
ii  adduser                     3.59         Add and remove users and groups
ii  debconf                     1.4.41       Debian configuration management sy
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  libcupsimage2               1.1.23-1     Common UNIX Printing System(tm) - 
ii  libcupsys2-gnutls10         1.1.23-1     Common UNIX Printing System(tm) - 
ii  libgnutls11                 1.0.16-13    GNU TLS library - runtime library
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
ii  libpaper1                   1.1.14-3     Library for handling paper charact
ii  libslp1                     1.0.11-7     OpenSLP libraries
ii  patch                       2.5.9-2      Apply a diff file to an original
ii  perl-modules                5.8.4-5      Core Perl modules
ii  xpdf-utils                  3.00-11      Portable Document Format (PDF) sui
ii  zlib1g                      1:1.2.2-4    compression library - runtime

-- debconf information excluded

--===============0954601723==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cupsd.conf-slb-20050111.diff"

--- cupsd.conf.orig	2005-01-11 10:01:31.000000000 -0600
+++ cupsd.conf	2005-01-11 10:01:58.000000000 -0600
@@ -425,7 +425,8 @@
 
 #Port 80
 #Port 443
-Port 631
+#Port 631
+Listen 127.0.0.1:631
 
 #
 # HostNameLookups: whether or not to do lookups on IP addresses to get a
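
Review bot: The added "Listen 127.0.0.1:631" line carries no comment, so an administrator who does want to share printers has no hint that the commented-out "#Port 631" just above it is the line to restore. Suggest a short comment before the two lines saying that cupsd now accepts connections on the loopback address only and how to listen on all interfaces again. Because this changes the shipped default from every interface to loopback, a machine that currently serves remote clients stops doing so once the new cupsd.conf is installed; that should be called out in the changelog or NEWS file, or handled by the debconf question proposed in the report.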

--===============0954601723==--

---------------------------------------
Received: (at 289886-done) by bugs.debian.org; 18 Dec 2005 03:12:48 +0000
Date: Sun, 18 Dec 2005 12:12:46 +0900
From: Kenshi Muto <kmuto at debian.org>
To: 289886-done at bugs.debian.org
Subject: Re: Bug#289886: cupsys: cupsd listens on non-local interfaces by default
In-Reply-To: <20050111161105.E67B14F0011 at laptop.bergmans.us>
References: <20050111161105.E67B14F0011 at laptop.bergmans.us>
User-Agent: Wanderlust/2.15.1 (Almost Unreal) SEMI/1.14.6 (Maruoka)
 FLIM/1.14.7 (Sanjō) APEL/10.6 MULE XEmacs/21.4 (patch
 17) (Jumbo Shrimp) (i386-debian-linux)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset=US-ASCII
Message-Id: <20051218031247.17141222F44 at mail.topstudio.co.jp>

CUPS since -13 uses localhost:631 as default instead of *:631.

Thanks,
-- 
Kenshi Muto
kmuto at debian.org

At Tue, 11 Jan 2005 10:11:05 -0600,
Lucas Bergman wrote:
> Package: cupsys
> Version: 1.1.23-1
> Severity: normal
> Tags: patch
> 
> From the default cupsd.conf, cupsd listens on all IP interfaces
> on port 631 by default.  This seems to violate the rule of minimal
> exposure, parading CUPS before the network by default.  A (silly)
> patch to cupsd.conf is attached that tells cupsd to listen only on
> 127.0.0.1, port 631.  FWIW, this is the default on many systems,
> including Mac OS X.
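
Added example (not part of the original report or of the Debian package): a shell function that scans a cupsd.conf for directives that open a listener beyond loopback, which is the condition this report describes. The bracketed IPv6 and socket-path forms of Listen are assumed from later CUPS releases, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: report cupsd.conf directives that bind a non-loopback listener.
# Usage: cups_exposed_listeners /etc/cups/cupsd.conf
# Prints "<line number>: <directive>" per finding; returns 1 if any were found.
cups_exposed_listeners() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    {
        d = tolower($1); host = $2
        if (d == "port") { hit(); next }    # "Port N" binds every interface
        if (d != "listen") next
        if (host ~ /^\//) next              # UNIX domain socket path (assumed form)
        if (host ~ /^\[/) {                 # bracketed IPv6: [addr]:port (assumed form)
            sub(/^\[/, "", host); sub(/\].*$/, "", host)
        } else {
            sub(/:[0-9]+$/, "", host)       # strip trailing :port
        }
        host = tolower(host)
        if (host == "localhost" || host == "::1") next
        if (host ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        hit()                               # "*", 0.0.0.0, or any other address
    }
    function hit() { printf "%d: %s\n", NR, $0; bad = 1 }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the stock line from the report, then the patched form.
sample=$(mktemp)
printf '%s\n' '#Port 80' 'Port 631' > "$sample"
cups_exposed_listeners "$sample" || echo "exposed listener(s) found"
printf '%s\n' '#Port 631' 'Listen 127.0.0.1:631' > "$sample"
cups_exposed_listeners "$sample" && echo "loopback only"
rm -f "$sample"
```

A clean config says what cupsd is asked to bind; confirming what it actually bound still means checking the listening sockets on the running host.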


