Bug 509588
Summary: | Passwords in printer URIs are shown to normal users. | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Bruno Wolff III <bruno> |
Component: | system-config-printer | Assignee: | Tim Waugh <twaugh> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Priority: | low |
Version: | 11 | CC: | jpopelka, twaugh |
Hardware: | All | OS: | Linux |
Fixed In Version: | 1.1.13-3.fc11 | Doc Type: | Bug Fix |
Last Closed: | 2009-10-09 03:33:21 UTC | Bug Blocks: | 516998 |

Description
Bruno Wolff III
2009-07-03 19:33:54 UTC
I don't see this here. CUPS "sanitises" device URIs before handing them to system-config-printer, so if there is information leakage it is a CUPS bug. Can you please explain how to reproduce what you're seeing, step-by-step? Thanks.

I found I was doing something that's possibly off the beaten path. An update last week broke DNS for some apps and I didn't notice the true problem right away. The first thing I noticed was that printing was broken. While trying to work on this I ended up selecting "Set authentication details now" instead of "Prompt user if authentication is required". Trying out the latter again results in a displayed URI without the password. But when I change the set up again using the former, the password does show up in the URI. Is that enough information for you to duplicate the issue?

Sorry, I still can't reproduce it from this. Please tell me which buttons to click, and in which order.. ;-)

First I go to System -> Administration -> Printing from the menu. (I have my system and normal menus combined on the panel.) Then I double click on the icon for the one printer I have configured that is handled by a Windows server using smb. Then I hit the higher of the two change buttons. This one is in line with the Device URI information. Then I select the Set authentication now radio button. Then I enter my user name with 'ad/' as part of the username and password needed to access that printer. Then I hit verify. Then I hit apply. Then I observe my password is shown.

While testing this I discovered that if I don't include 'ad/' the verify still works, but the password isn't shown. If I use 'ad\' then the password also isn't shown but verifies. I also don't need to hit the verify button, so it looks like this is testable even without an smb printer being available.

Example output from the device URI (with a bogus password): smb://ad/bruno:fhthrthyhn.uwm.edu/bol225b_PS

Ah, OK, I see it now. Thanks.

Fix committed upstream. Work-around is to use the CUPS web interface (or lpadmin) to alter the device URI by changing "/" in the username section to "%2F".

system-config-printer-1.1.10-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/system-config-printer-1.1.10-1.fc11

system-config-printer-1.1.10-1.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-printer'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-8108

system-config-printer-1.1.11-1.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-printer'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-8108

system-config-printer-1.1.12-4.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-printer'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-8108

system-config-printer-1.1.12-6.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-printer'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-8108

system-config-printer-1.1.12-8.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-printer'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-8108

system-config-printer-1.1.13-1.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-printer'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-8108

system-config-printer-1.1.13-2.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-printer'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-8108

system-config-printer-1.1.13-3.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update system-config-printer'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-8108

system-config-printer-1.1.13-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
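
The failure mode reported in this bug and the "%2F" work-around, shown as an added example that is not code from CUPS or system-config-printer. It assumes a simplified RFC 3986-style sanitiser (hypothetical `sanitize_device_uri`, not CUPS's implementation) and uses a constructed host, queue and password.

```python
from urllib.parse import quote, urlsplit, urlunsplit

def sanitize_device_uri(uri):
    """Strip 'user:password@' from the authority, as a generic sanitiser would.

    Assumption: the authority ends at the first '/', '?' or '#' after '//'
    (RFC 3986). This is not the CUPS code, only the same parsing rule.
    """
    parts = urlsplit(uri)
    host = parts.netloc.rpartition("@")[2]  # keep host[:port] only
    return urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))

def build_smb_uri(user, password, host, queue):
    """Build the URI with userinfo percent-encoded, so a '/' in the
    username ('ad/bruno') becomes '%2F' and cannot end the authority early."""
    userinfo = quote(user, safe="") + ":" + quote(password, safe="")
    return "smb://%s@%s/%s" % (userinfo, host, quote(queue, safe=""))

def credentials_in_path(uri):
    """Audit heuristic (constructed for this example): flag a device URI
    whose path still carries a 'name:secret@' shaped segment."""
    path = urlsplit(uri).path
    at = path.find("@")
    return at != -1 and ":" in path[:at]

# Constructed sample values; the host and password are placeholders.
USER, PASSWORD, HOST, QUEUE = "ad/bruno", "bogus-pw", "printsrv.example", "bol225b_PS"

# What the reporter's steps produce: the raw '/' makes "ad" the whole authority,
# so the password sits in the path where the sanitiser never looks.
RAW_URI = "smb://%s:%s@%s/%s" % (USER, PASSWORD, HOST, QUEUE)

# The work-around from the report: '/' in the username written as '%2F'.
ENCODED_URI = build_smb_uri(USER, PASSWORD, HOST, QUEUE)

# The 'ad\' variant the reporter found did not leak: '\' does not end the authority.
BACKSLASH_URI = "smb://ad\\bruno:%s@%s/%s" % (PASSWORD, HOST, QUEUE)

if __name__ == "__main__":
    for label, uri in (("raw", RAW_URI), ("encoded", ENCODED_URI), ("backslash", BACKSLASH_URI)):
        print("%-9s %s -> %s (credentials in path: %s)"
              % (label, uri, sanitize_device_uri(uri), credentials_in_path(uri)))
```

`credentials_in_path` can be run over the DeviceURI values of existing queues to find entries that still need the "%2F" rewrite.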