Red Hat Bugzilla – Bug 3077
smb print user's password stored in world-readable plaintext
Last modified: 2008-05-01 11:37:50 EDT
I have my machine configured to print to a print server running on a Windows box. The password for the Windows domain account that is used for printing appears to be stored in plaintext in the following file, which is world readable: -r-xr--r-- 1 root root 83 May 24 09:22 /var/spool/lpd/lp/.config I believe that this file is created by the printtool package, but I haven't investigated very much. It seems that the password ought to be encrypted no matter what, and if there is no reason to leave it world readable, I'd change the permissions from 0544 to 0540.
This may be changed for the next release but is not designed to be used with the same username and password as a real linux account. A warning message is generated from printtool explaining this when a SMB printer is created. Please create a dummy account on the print server for print jobs from the Linux box to be sent to so real user names and passwords have to be used.