[Pkg-cups-devel] Bug#644144: cups: CUPS always opening (UDP) port on all interfaces
Ralf Jung
ralfjung-e at gmx.de
Mon Oct 3 09:54:11 UTC 2011
Package: cups
Version: 1.5.0-8
Severity: normal
I have the following lines in my cupsd.conf to prevent CUPS from opening ports
on any external interface (I don't use this machine as printing server):
# Only listen for connections from the local machine.
Listen localhost:631
Listen /var/run/cups/cups.sock
However, "netstat -nlp" still shows
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 24600/cupsd
tcp6 0 0 ::1:631 :::* LISTEN 24600/cupsd
udp 0 0 0.0.0.0:631 0.0.0.0:* 24600/cupsd
So a port was opened on all interfaces, against my configuration.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-rc6-selfcompiled+ (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cups depends on:
ii adduser 3.113
ii bc 1.06.95-2+b1
ii cups-client 1.5.0-8
ii cups-common 1.5.0-8
ii cups-ppdc 1.5.0-8
ii debconf [debconf-2.0] 1.5.40
ii ghostscript 9.02~dfsg-3
ii libavahi-client3 0.6.30-5
ii libavahi-common3 0.6.30-5
ii libc6 2.13-21
ii libcups2 1.5.0-8
ii libcupscgi1 1.5.0-8
ii libcupsdriver1 1.5.0-8
ii libcupsimage2 1.5.0-8
ii libcupsmime1 1.5.0-8
ii libcupsppdc1 1.5.0-8
ii libdbus-1-3 1.4.16-1
ii libgcc1 1:4.6.1-4
ii libgnutls26 2.12.10-2
ii libgssapi-krb5-2 1.9.1+dfsg-1+b1
ii libijs-0.35 0.35-8
ii libkrb5-3 1.9.1+dfsg-1+b1
ii liblcms1 1.19.dfsg-1
ii libldap-2.4-2 2.4.25-3
ii libpam0g 1.1.3-2
ii libpaper1 1.1.24+nmu1
ii libpoppler13 0.16.7-2+b1
ii libslp1 1.2.1-7.8
ii libstdc++6 4.6.1-4
ii libusb-0.1-4 2:0.1.12-19
ii lsb-base 3.2-28
ii poppler-utils 0.16.7-2+b1
ii procps 1:3.2.8-11
ii ssl-cert 1.0.28
ii ttf-freefont 20100919-1
ii zlib1g 1:1.2.3.4.dfsg-3
Versions of packages cups recommends:
ii avahi-daemon <none>
ii colord <none>
ii cups-driver-gutenprint 5.2.7-2
ii foomatic-filters 4.0.9-1
ii ghostscript-cups 9.02~dfsg-3
Versions of packages cups suggests:
ii cups-bsd <none>
ii cups-pdf <none>
ii foomatic-db 20110803-3
ii hplip <none>
ii smbclient 2:3.5.11~dfsg-1
ii udev 172-1
-- Configuration Files:
/etc/cups/cupsd.conf changed:
LogLevel warn
MaxLogSize 0
SystemGroup lpadmin
Listen localhost:631
Listen /var/run/cups/cups.sock
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols CUPS dnssd
DefaultAuthType Basic
WebInterface Yes
<Location />
Order allow,deny
</Location>
<Location /admin>
Order allow,deny
</Location>
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM r
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM r
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM r
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM r
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM r
Order deny,allow
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM r
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM r
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM r
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
-- debconf information:
cupsys/raw-print: true
cupsys/backend: ipp, lpd, parallel, serial, socket, usb, snmp, dnssd
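
The comparison made in the report (a loopback-only Listen configuration against the sockets the daemon actually holds) can be automated. The following is an added example, not part of the original message or of CUPS; the function names are hypothetical and the sample input is constructed from the netstat lines quoted above.

```python
import ipaddress

# Constructed sample: the "netstat -nlp" rows from the report, one socket per line.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 24600/cupsd
tcp6 0 0 ::1:631 :::* LISTEN 24600/cupsd
udp 0 0 0.0.0.0:631 0.0.0.0:* 24600/cupsd
"""

def parse_line(line):
    """Return (proto, host, port, program), or None for headers and other rows."""
    fields = line.split()
    if len(fields) < 6 or not fields[0].startswith(("tcp", "udp")):
        return None
    # rpartition splits on the last colon, so IPv6 hosts such as "::1" stay intact.
    host, _, port = fields[3].rpartition(":")
    if not port.isdigit():
        return None
    # UDP rows carry no State column, so PID/Program is taken from the last field.
    pid_prog = fields[-1]
    program = pid_prog.partition("/")[2] if "/" in pid_prog else "-"
    return fields[0], host, int(port), program

def is_loopback(host):
    """True only for loopback addresses; wildcard binds (0.0.0.0, ::) are not."""
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False  # "*" or an unparsable host is treated as exposed

def exposed_sockets(netstat_text, program):
    """List (proto, host, port) for sockets of `program` bound beyond loopback."""
    found = []
    for line in netstat_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == program and not is_loopback(rec[1]):
            found.append(rec[:3])
    return found

if __name__ == "__main__":
    for proto, host, port in exposed_sockets(SAMPLE, "cupsd"):
        print(f"cupsd bound beyond loopback: {proto} {host}:{port}")
```
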