[Pkg-cups-devel] Bug#539156: Bug#614713: cups-pdf: installation asks for a password

Daniel Reichelt debian at nachtgeist.net
Sun Apr 24 04:15:48 UTC 2011 

Hi Guys,

I did some strace'ing of the troubling lpadmin invocation both on the
host rootfs and within the chroot and after the connect() call I noticed
some numeric named files in /var/run/cups/certs get accessed:

Host:
--------8<---------
connect(4, {sa_family=AF_INET, sin_port=htons(631),
sin_addr=inet_addr("127.0.0.1")}, 16) = 0
sendto(4, "POST /admin/ HTTP/1.1\r\nContent-L"..., 140, 0, NULL, 0) = 140
brk(0x7f64f8a26000)                     = 0x7f64f8a26000
sendto(4, "\1\1@\3\0\0\0\1\1G\0\22attributes-charset\0\5"..., 173, 0,
NULL, 0) = 173
poll([{fd=4, events=POLLIN}], 1, 1000)  = 1 ([{fd=4, revents=POLLIN}])
recvfrom(4, "HTTP/1.1 100 Continue\r\n\r\nHTTP/1."..., 2048, 0, NULL,
NULL) = 803
open("/var/run/cups/certs/4099", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/var/run/cups/certs/0", O_RDONLY) = 5
--------8<---------

Chroot:
--------8<---------
connect(4, {sa_family=AF_INET, sin_port=htons(631),
sin_addr=inet_addr("127.0.0.1")}, 16) = 0
sendto(4, "POST /admin/ HTTP/1.1\r\nContent-L"..., 140, 0, NULL, 0) = 140
brk(0x7f37285c1000)                     = 0x7f37285c1000
sendto(4, "\1\1@\3\0\0\0\1\1G\0\22attributes-charset\0\5"..., 173, 0,
NULL, 0) = 173
poll([{fd=4, events=POLLIN}], 1, 1000)  = 1 ([{fd=4, revents=POLLIN}])
recvfrom(4, "HTTP/1.1 100 Continue\r\n\r\nHTTP/1."..., 2048, 0, NULL,
NULL) = 803
open("/var/run/cups/certs/13154", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/var/run/cups/certs/0", O_RDONLY) = -1 ENOENT (No such file or
directory)
--------8<---------

While the first calls to 4099/13154 fail on both sides, access to "0"
succeeds on the host while "0" isn't present in the chroot. After I
manually copied that file from host to chroot and did a chgrp lpadmin 0,
lpadmin went through with it just fine.

So, obviously that has something to do with encryption, which IMO in
this case is superfluous since the connection is made to localhost.
Would not making encryption mandatory for -d, -p, -x, -E (as it is right
now, according to the manpage) in case the connection is made to
localhost be the right way to solve this?

HTH, cheers,

Daniel

PS: Please let me know if the CC to #539156 was necessary or if the
subscribers got merged as well when these bugs were merged...

More information about the Pkg-cups-devel mailing list