[Printing-architecture] IPP-over-USB and Printer Applications: DNS-SD-advertise localhost:PORT a security problem?
Till Kamppeter
till.kamppeter at gmail.com
Wed Nov 21 22:26:39 UTC 2018
Hi,
I talked with Sean Kau and David Valleau from Chrome OS (CCed) about the
implementation of IPP-over-USB with ippusbxd in Chrome OS. Sean told me:
----------
Using DNS-SD on localhost doesn't fit our security model as we don't
want to allow arbitrary processes to talk to each other.
----------
This would mean that we cannot implement IPP-over-USB and Printer
Applications as initially thought out. They are supposed to make the
printer available as
ipp://localhost:PORT/ipp/print
with PORT varying so that there can be several devices connected to the
same machine (and CUPS running in addition). For CUPS (or the printing
system in general) automatically discovering the devices and creating
print queues the Printer Applications (and ippusbxd) are supposed to
advertise themselves via DNS-SD.
This would mean (local-only) advertising of localhost via DNS-SD, which
Sean considers a security problem. Is this actually a security problem?
If so, how should Printer Applications (and ippusbxd) actually work?
Till
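The concern quoted from Sean, as an added example (not code from this mail, ippusbxd or CUPS): a service bound to 127.0.0.1:PORT accepts any local process and learns only the peer's loopback address and port. The AF_UNIX half is included only for contrast and assumes Linux (SO_PEERCRED); the function names are hypothetical.

```python
import os
import socket
import struct


def loopback_peer_view():
    """Bind the way the mail describes (localhost, varying PORT) and return
    everything the server side learns about the process that connected."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: the OS picks a free PORT
    srv.listen(1)
    port = srv.getsockname()[1]
    # Stand-in for an arbitrary local process: no credential is needed,
    # only knowledge of PORT (which a DNS-SD advertisement would supply).
    cli = socket.create_connection(("127.0.0.1", port))
    conn, peer = srv.accept()
    view = {
        "peer_ip": peer[0],          # always 127.0.0.1
        "peer_port": peer[1],        # ephemeral port, not an identity
        "client_port": cli.getsockname()[1],
    }
    for s in (conn, cli, srv):
        s.close()
    return view


def unix_peer_view():
    """Contrast (Linux assumption): on an AF_UNIX socket the kernel reports
    the peer's pid/uid/gid, so a server can decide whom to serve."""
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    raw = a.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                       struct.calcsize("3i"))
    pid, uid, gid = struct.unpack("3i", raw)
    a.close()
    b.close()
    return {"pid": pid, "uid": uid, "gid": gid}


if __name__ == "__main__":
    print("loopback TCP:", loopback_peer_view())
    print("AF_UNIX     :", unix_peer_view())
```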