Bug 2019
Summary: | Printing to a smb printer stores printer passwd and username in plain text file. | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | jaras |
Component: | samba | Assignee: | Trond Eivind Glomsrxd <teg> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 5.2 | Keywords: | Security |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 1999-04-06 14:42:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
jaras
1999-04-06 02:44:46 UTC
It's always been this way; in fact, if you read the large warning that appears in printtool: " - WARNING - The use of a remote SMB/Windows 95/NT printer may require a username and password for its server. These are stored unencrypted in a script locally, and must be passed on the command line to the smbclient program. In other words, it is possible for another person to learn of the username and password. It is therefore recommended that the username and password for the use of the printer to NOT BE the same as that for a user account on the local Linux box. That way, if this information is compromised, the only possible damage is unauthorized use of the printer. If there are file shares from the server, it would be best if they required a different password than that required for the use of the printer, for the same reason. - The file has to be world readable, or otherwise only root can print. ------- Additional Comments From 09/30/99 15:44 ------- One way round this problem would be to do what I do with a similar script I use that requires passwords to be presented on the command line: put the passwords in a separate file and use `cmd` to insert them. As an example, try something like the following shell script: Q> #!/bin/bash Q> printf 'For your reference, I am "%s"\n' \ Q> `grep "^\`id -un\`" /etc/passwd | cut -d : -f 5` Try running it, and you will see that it happily displays the specified field from the said user's password entry, but at no time does the said field ever appear in any history file or any ps or top command listing. I'm no expert on samba by any means, but surely something along these lines could be used ??? |