[Sugar-devel] Fwd: Regarding the print support idea(GSoC)
Luke Faraone
luke at faraone.cc
Wed Mar 18 09:36:14 EDT 2009
On Wed, Mar 18, 2009 at 9:28 AM, Vamsi Krishna Davuluri <
vamsi.davuluri at gmail.com> wrote:
>
> The link you gave didn't work, so I checked this page
> http://wiki.laptop.org/go/OLPC_Bitfrost
> I have gone through security models listed, umm ... was there anything
> specific I was to look into?
>
>> Well,
> I'd grant them only if the user is the owner of that specific document or
>>> is master root. This will be most useful in case the machine acts as a cups
>>> server and a request comes from the network, we could see that other than
>>> the local master, no one else on the network has access to that particular
>>> job, or stop that printing event from taking place.
>>>
>>
As far as I am aware, this is the default CUPS behavior.
btw thought of another thing, when the print button is clicked in an
>>> activity, the request metadata (object) is sent to the journal, but the
>>> journal doesnt have to immediately take over control, instead within the
>>> activity a pop up comes which says 'print jobs in queue('this can be closed,
>>> or clicked to go to the journal where the job can be canceled, or started)
>>> and when loging in into sugar, if pending jobs are there again a
>>> notification is displayed, and if a print job is of a particular activity,
>>> and they are pending, and if the same activity is opened again it
>>> notification is displayed.
>>>
>> And are the implementations not prone to modification?
> As in we could specify a particular #print_port to bypass them?
>
Allowing activities to print things directly is just asking for trouble.
Potential attack vector: an activity that has RO access to all documents but
is denied net access (per their mutual-exclusiveness specified by bitfrost)
has the ability to send outgoing requests to port 5900 (HP JetDirect port),
per your printing exception. A black hat, who authored this application,
sets up a "print server" at death.example.com. Since the activity can send
any packet it wishes on that port, it simply "prints" to this server. The
attacker now has subverted the bitfrost model, and now has access to all of
the user's documents.
--
Luke Faraone
http://luke.faraone.cc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sugarlabs.org/archive/sugar-devel/attachments/20090318/f7a1cc6b/attachment.htm
More information about the Sugar-devel
mailing list