165677 – Printing to a SMB printer reveals credentials.

Bug 165677 - Printing to a SMB printer reveals credentials.

Summary: Printing to a SMB printer reveals credentials.

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	cups
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tim Waugh
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-08-11 11:25 UTC by Nils Olav Selåsdal
Modified:	2007-11-30 22:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-08-11 11:55:37 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Nils Olav Selåsdal 2005-08-11 11:25:46 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b3) Gecko/20050729 Fedora/1.1-0.2.5.deerpark.alpha2 Firefox/1.0+

Description of problem:
$ ps -ef |grep smb
root      1920     1  0 Aug08 ?        00:00:00 smbd -D
root      1922  1920  0 Aug08 ?        00:00:00 smbd -D
root     23715  1920  0 Aug09 ?        00:00:00 smbd -D
root     23716  1920  0 Aug09 ?        00:00:04 smbd -D
root     26309  1754  0 Aug10 ?        00:00:00 smb://192.168.170.20/nolav:vin2004.170.20/HPLaserJet2300 27 noselasd  1  /var/spool/cups/d00027-001
root     28167  1920  0 08:13 ?        00:00:00 smbd -D
root     28168  1920  0 08:13 ?        00:00:01 smbd -D

Cups has been configured manually iirc, with a url for the printer as 
smb://192.168.170.20/nolav:vin2004.170.20/HPLaserJet2300
(as that was the originally the only way on FC2 I could get it to work)
As shown above, something (cups/samba ?) changes the name of a process to this URL which includes the user and password.



Version-Release number of selected component (if applicable):
cups-1.1.23-16,samba-3.0.14a-2

How reproducible:
Didn't try

Steps to Reproduce:
I'm not sure how.

Actual Results:  Process reveals credentials through process name.

Expected Results:  Credentials hidden.

Additional info:

Comment 1 Tim Waugh 2005-08-11 11:55:37 UTC

You're using the wrong URI form.  Refer to /usr/share/doc/cups-*/sam.html:

smb://workgroup/server/sharename
smb://server/sharename
smb://user:pass@workgroup/server/sharename
smb://user:pass@server/sharename

are the accepted forms.

Comment 2 Nils Olav Selåsdal 2005-08-11 12:33:33 UTC

Agreed, it seems the printers.conf has, for some odd reason
DeviceURI
smb://nilsolav:w84xmas.170.20/nilsolav:w84xmas.170.20/HPLaserJet2300

To my defence, this was created by the FC2 printer config actually, and I havnt'
touched it since upgrading.

I take it it masks out the credentials on valid URIs, and all is well.

Note You need to log in before you can comment on or make changes to this bug.