Bug 66360 - SMB data in generated /var/spool/lpd/printername/script.cfg file is not encrypted nor encoded
Summary: SMB data in generated /var/spool/lpd/printername/script.cfg file is not encry...
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: printconf (Show other bugs)
(Show other bugs)
Version: 7.2
Hardware: All Linux
Target Milestone: ---
Assignee: Tim Waugh
QA Contact: Brock Organ
Depends On:
TreeView+ depends on / blocked
Reported: 2002-06-08 14:47 UTC by Wayne Pollock
Modified: 2007-04-18 16:43 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-06-17 16:25:53 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Wayne Pollock 2002-06-08 14:47:13 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.79 [en] (Win98; U)

Description of problem:
The "password='mypass'" linein script.cfg is not encrypted nor encoded.  This causes smbprint to fail if the password contains any
shel metacharacters (as a good password should).  The single quotes generated around the password don't help since the password may
contain single quotes, and in any case is "eval"ed later which cancels the effects of the quotes.  Additionally, there is a security
hole whenn storing plain text versions of passwords: if the script.cfg file is compomised a username and password can be obtained.

Additionally the "share='\\server\printer'" entry must encode the backslashes as forward slashes in the UNC share name.  The
eval of the result cancels the effect of the single quotes.  (the back-slashes could alternatively be escaped with additional
backslashes, as in "share='\\\\server\\printer'".

Version-Release number of selected component (if applicable):
Current versions as of 6/4/02 (ran up2date this morning and verified bug still present and not previously listed in Bugzilla)

How reproducible:

Steps to Reproduce:
1.Use either printconf-gui or printconf-tui
2.Select an SMB queue
3.Use a password containing a single quote or other shell metacharacters

Actual Results:  No output is produced

Expected Results:  Output should have been printed

Additional info:

Suggested solution:
The password could be encrypted with MD5 and a randomly generated (at RH install time) password stored in a file not world-readable.
Then your tools could store the encrypted password in script.cfg, and decrypt in RAM when invoking smbprint.  This solution doesn't require
using SMB encrypted passwords.  As for the share name, some simple Python (or a pass using tr) will easily solve the issue.  (Additional
details of this soluiton such as updating existingscript.cfg entries are left as an exersize for the reader.)

An interim solution would include adding a string to the printconf dialogs warning users to use forwad slashes in UNC names, and to use
passwordfs without any shell metacharacters for SMB passwords.  But this wouldn't address the security aspect of storing plaintext passwords on the disk.

Comment 1 Tim Waugh 2002-06-10 10:08:07 UTC
When I tried this on Red Hat Linux 7.3 a short while ago I thought this had  
been fixed.  I'll re-check.  
Regarding the permissions on the file: it resides in a directory that only the  
'lp' user may access.

Comment 2 Wayne Pollock 2002-06-10 16:11:53 UTC
If this is fixed in 7.3, could the 7.3 package be added to an otherwise 7.2 system?
I realize the directory is protected, but it seems to me still a security hole to store plaintext passwords, especially when
it would be so ease to encrypt them first.

Comment 3 Tim Waugh 2002-06-10 16:21:46 UTC
In theory, yes, the package could just be upgraded.  In practice, printing has 
lots of dependencies, so you might end up pulling in more than you want.  Let 
me check if it really is fixed, and I'll update this bug entry appropriately. 
Yes, ideally it would be encrypted as well.

Comment 4 Tim Waugh 2002-06-17 15:50:51 UTC
Single quotes are now dealt with in CVS. 

Comment 5 Tim Waugh 2002-06-17 16:25:46 UTC
Fixed package is 0.4.1-1.

Note You need to log in before you can comment on or make changes to this bug.