[Printing-architecture] IPP-over-USB and Printer Applications: DNS-SD-advertise localhost:PORT a security problem?

Sean Kau skau at chromium.org
Wed Nov 21 22:41:40 UTC 2018


Thanks Till.

To clarify, we don't consider advertisement on localhost to be a security
problem.  But in the spirit of reducing our attack surface we prefer to
moderate communication between processes.  Because of this, we prefer not
to communicate over the loopback interface.  Instead, we currently use Unix
Domain Sockets since we can control access to those using standard user and
group permissions.

Sean Kau

On Wed, Nov 21, 2018 at 2:26 PM Till Kamppeter <till.kamppeter at gmail.com>
wrote:

> Hi,
>
> I talked with Sean Kau and David Valleau from Chrome OS (CCed) about the
> implementation of IPP-over-USB with ippusbxd in Chrome OS. Sean told
>
> ----------
> Using DNS-SD on localhost doesn't fit our security model as we don't
> want to allow arbitrary processes to talk to each other.
> ----------
>
> This would mean that we cannot implement IPP-over-USB and Printer
> Applications as innitially thought out. They are supposed to make the
> printer available as
>
> ipp://localhost:PORT/ipp/print
>
> with PORT varying so that there can be several devices connected to the
> same machine (and CUPS running in addition). For CUPS (or the printing
> system in general) automatically discovering the devices and creating
> print queues the Printer Applications (and ippusbxd) are supposed to
> advertise themselves via DNS-SD.
>
> This would mean (local-only) advertising of localhost via DNS-SD, which
> Sean considers a security problem. Is this actually a security problem?
> If so, how should Printer Applications (and ippusbxd) actually work?
>
>     Till
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/printing-architecture/attachments/20181121/a0826c23/attachment.html>


More information about the Printing-architecture mailing list