Bug#246093: gnome-cups-manager: This is a security issue quite easy to solve
Just modifying the glade files to allow the app to show *** when typing
your password to add a new printer is quite easy. A little harder is to
avoid the password to be shown to the rest of the system users whenever
they see the printer properties, because touching the C code is
necessary.

I still think this is a security hole that should never have been in
this application. Administrating the system with this tool, the root user
could easily avoid showing the smb passwords to the rest of the users.
José L. Redrejo
246093@bugs.debian.org
Wed, 09 Jun 2004 12:18:30 +0000
Package: gnome-cups-manager
Version: 0.17-3
Severity: normal
Followup-For: Bug #246093
-- System Information:
Debian Release: gnulinex
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.6
Locale: LANG=es_ES@euro, LC_CTYPE=es_ES@euro (ignored: LC_ALL set to es_ES@euro)
Versions of packages gnome-cups-manager depends on:
ii l 2.3.16-5 Library of functions for 2D graphi
ii l 1.6.1-2 The ATK accessibility toolkit
ii l 0.2.6-3 Open-source version of SGI's audio
ii l 2.6.0-1 Bonobo CORBA interfaces library
ii l 2.6.0-2 The Bonobo UI library
ii l 2.3.2.ds1-12 GNU C Library: Shared libraries an
ii l 1.1.20final+cvs20040330-3experimental1 Common UNIX Printing System(tm) -
ii l 0.2.29-1 Enlightened Sound Daemon - Shared
ii l 1:3.3.3-6 GCC support library
ii l 2.6.1-1 GNOME configuration database syste
ii l 1.1.12-4 LGPL Crypto library - runtime libr
ii l 1:2.3.6-4 Library to load .glade files at ru
ii l 2.4.1-2 The GLib library of C routines
ii l 2.6.1-1 The GNOME 2 library - runtime file
ii l 2.6.0-4 A powerful object-oriented display
ii l 0.1.6-5 GNOME library for CUPS interaction
ii l 0.17-3 UI extensions to libgnomecups
ii l 2.6.1.1-1 The GNOME 2 libraries (User Interf
ii l 2.6.1.1-2 The GNOME virtual file-system libr
ii l 2.6.1.1-2 The GNOME virtual file-system libr
ii l 0.8.12-5 GNU TLS library - runtime library
ii l 2.4.1-2 The GTK+ graphical user interface
ii l 6b-9 The Independent JPEG Group's JPEG
ii l 1:2.10.0-0.1 libraries for ORBit2 - a CORBA ORB
ii l 1.4.0-3 Layout and rendering of internatio
ii l 1.7-4 lib for parsing cmdline parameters
ii l 1:3.3.3-6 The GNU Standard C++ Library v3
ii l 0.1.2-1 Manage ASN.1 structures (runtime)
ii l 2.6.9-2 GNOME XML library
ii x 4.3.0.dfsg.1-1 X Window System client libraries m
ii z 1:1.2.1.1-3 compression library - runtime
-- no debconf information
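
The glade-file half of the fix described in the report can be checked mechanically. The following is an added example, not part of the original report or of gnome-cups-manager's code: it scans a libglade-2 interface file for GtkEntry widgets that look like password fields but do not set the `visibility` property to False. The sample XML, the widget ids and the name hints are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed libglade-2 fragment (not taken from gnome-cups-manager):
# an ordinary field, a password entry left in clear text, and a masked one.
SAMPLE_GLADE = """<?xml version="1.0"?>
<glade-interface>
  <widget class="GtkWindow" id="add_printer_window">
    <child>
      <widget class="GtkVBox" id="vbox1">
        <child>
          <widget class="GtkEntry" id="smb_username_entry"/>
        </child>
        <child>
          <widget class="GtkEntry" id="smb_password_entry">
            <property name="visibility">True</property>
          </widget>
        </child>
        <child>
          <widget class="GtkEntry" id="ipp_password_entry">
            <property name="visibility">False</property>
          </widget>
        </child>
      </widget>
    </child>
  </widget>
</glade-interface>
"""

HINTS = ("pass", "secret")  # assumed naming convention for secret fields


def unmasked_password_entries(glade_xml, hints=HINTS):
    """Return ids of GtkEntry widgets that look like secret fields but echo input."""
    findings = []
    for widget in ET.fromstring(glade_xml).iter("widget"):
        wid = widget.get("id", "")
        if widget.get("class") != "GtkEntry" or not any(h in wid.lower() for h in hints):
            continue
        # Only direct <property> children belong to this widget.
        props = {p.get("name"): (p.text or "").strip() for p in widget.findall("property")}
        # GtkEntry echoes typed text unless "visibility" is explicitly False.
        if props.get("visibility", "True").lower() != "false":
            findings.append(wid)
    return findings


if __name__ == "__main__":
    for wid in unmasked_password_entries(SAMPLE_GLADE):
        print(f"{wid}: set <property name=\"visibility\">False</property>")
```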