From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael C Thompson
Subject: Re: Re: cups userspace -- trusted programs?
Date: Mon, 05 Jun 2006 13:25:43 -0500
Message-ID: <44847727.6070800@us.ibm.com>
References: <447DF735.9090706@us.ibm.com> <447E1EB8.70907@hp.com> <447F15CC.4070308@us.ibm.com> <448473B1.5040501@hp.com>
In-Reply-To: <448473B1.5040501@hp.com>
To: Matt Anderson
Cc: redhat-lspp@redhat.com, Steve Grubb, Linda Knippers, Linux Audit
List-Id: linux-audit@redhat.com

Matt Anderson wrote:
> Michael C Thompson wrote:
>>>> Personally, I think these tools should generate messages since they
>>>> are a source for leaking information, and therefore should be
>>>> restricted to administrators.
>
> I don't think they should be considered a source for leaking
> information. The only thing I see isn't a leak so much as an (extremely
> low bandwidth) covert channel of "is the printer enabled or disabled?"
> Since the use of these programs is restricted, we're covered under
> no-evil-admin.

How are these restricted? Or rather, how are they supposed to be
restricted? I am able to cupsenable, cupsdisable, accept and reject my
printer as a non-root user under both permissive and enforcing modes.

>> Aside from what is *required*, I thought it would be a good thing to
>> log the queue/printer enable/disable. However, if cups is logging
>> that, I'm not sure it is worth being redundant in our logs.
>
> As long as LogLevel is set to info or higher you'll get a message in
> /var/log/cups/error_log like:
>
> [Timestamp] Printer 'foo' stopped by 'root'.
>
> I think I agree with you that it's probably not worth being redundant,
> but if someone finds a requirement for this to go to the audit log I
> don't see any issues around adding that.
>
> -matt