Control: forcemerge -1 751370
Control: tags -1 +confirmed +patch

Hi Alexander,

Thanks for this bug, which was already reported by Brian Potkin as 
#751370 and pending action from me.

On Wednesday, 23 July 2014, 15.35:56 Alexander Kurtz wrote:
> Package: cups-daemon
> Version: 1.7.4-1
> Severity: serious
> Justification: Information leak and possible security vulnerability
> Tags: security

For the record, I disagree with the severity and the security tag, but 
will focus on fixing this bug. :)

> installing (not upgrading!) the cups-daemon package on a machine using
> systemd as PID 1 creates the /etc/cups/cupsd-systemd-listen.conf file
> like this:
> 
>       [Socket]
>       ListenStream=0.0.0.0:631
>       ListenStream=[::]:631
> 
> As this file gets symlinked from the
> /etc/systemd/system/cups.socket.d/ directory, this means that systemd
> will listen on *all* interfaces and hand the incoming connections to
> CUPS.

That's a mistake indeed, a typo leftover from initial development work.

> Admittedly, CUPS still enforces its own access limitations set
> in /etc/cups/cupsd.conf, but only after initially accepting the
> connection. It will then respond with a HTTP 403 (Forbidden) error
> page, confirming that there is indeed a CUPS daemon running and
> leaking (at least) its version number and the system locale.

I disagree that this constitutes a serious leak though, but as said, 
will focus on fixing this.

> The result is, that because of problem #2, /etc/cups/cupsd.conf will
> never actually be parsed on new installations. Instead the incorrect
> fallback configuration will be used (problem #3). And because of
> problem #1, this will never be corrected, even when the package is
> updated or reinstalled.

This implies that fixing #3 to have the correct default and #1 to let it 
go if the systemd configuration file has ListenStream=0.0.0.0 while 
cupsd.conf has Listen localhost* (as it has by default).

A tested patch that does this is attached, I'll upload this later 
tomorrow.

Cheers,

OdyX
commit 12a1e3786b3746339cc671054e2fcc99e9a0ef88
Author: Didier Raboud <o...@debian.org>
Date:   Thu Jul 24 22:02:16 2014 +0200

    Correct default listening address used under systemd for new installations; also correct the discrepancy on upgrades
    
    Closes: #755807

diff --git a/debian/cups-daemon.preinst b/debian/cups-daemon.preinst
index 0d0a711..63087f0 100644
--- a/debian/cups-daemon.preinst
+++ b/debian/cups-daemon.preinst
@@ -10,10 +10,12 @@ install|upgrade)
         mv /etc/cups/cupsd.conf /etc/cups/cupsd.conf.conffile-bak
     fi
 
-    # If file doesn't exist or if it has two conflicting stanzas
+    # If file doesn't exist, has two conflicting stanzas or has a "listen-to-all" while cupsd.conf says it should 'listen-to-localhost'
     if [ ! -f /etc/cups/cupsd-systemd-listen.conf ] || \
        ( grep -q '^ListenStream=0.0.0.0:' /etc/cups/cupsd-systemd-listen.conf 2>/dev/null && \
-         grep -q '^ListenStream=127.0.0.1:' /etc/cups/cupsd-systemd-listen.conf 2>/dev/null ) ;\
+         grep -q '^ListenStream=127.0.0.1:' /etc/cups/cupsd-systemd-listen.conf 2>/dev/null ) ||
+       ( grep -q '^ListenStream=0.0.0.0:' /etc/cups/cupsd-systemd-listen.conf 2>/dev/null && \
+         grep -q '^\s*Listen localhost:' /etc/cups/cupsd.conf 2>/dev/null );\
     then
         mkdir -p /etc/cups
         cat >/etc/cups/cupsd-systemd-listen.conf <<EOF
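Review bot: the new third clause tests cupsd.conf only with grep -q '^\s*Listen localhost:', so a cupsd.conf that restricts CUPS to loopback as 'Listen 127.0.0.1:631' or 'Listen [::1]:631' does not trigger regeneration and the listen-to-all file stays in place. The clause also keys on 'ListenStream=0.0.0.0:' alone, so a file carrying only 'ListenStream=[::]:631' is not caught. Consider matching the loopback literals and the [::] form as well. Two smaller points: '\s' is a GNU grep extension ('[[:space:]]*' is the portable spelling), and the added line ending in '||' drops the trailing backslash used on the neighbouring continuation lines.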
@@ -43,8 +45,8 @@ EOF
         else
             cat >>/etc/cups/cupsd-systemd-listen.conf <<EOF
 # Matches the default 'Listen localhost:631' from cupsd.conf.default
-ListenStream=0.0.0.0:631
-ListenStream=[::]:631
+ListenStream=127.0.0.1:631
+ListenStream=[::1]:631
 EOF
         fi
     fi
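Review bot: the replacement lines hard-code 'ListenStream=127.0.0.1:631' and 'ListenStream=[::1]:631' under a comment that says they match 'Listen localhost:631', but nothing in the hunk ties the two together, so the values can drift apart again if cupsd.conf.default changes. Suggest extending the comment to say the loopback literals are intentional and that anything wider needs a matching Listen line in cupsd.conf. It is also worth confirming that cups.socket still starts on a host without an IPv6 loopback, since '[::1]' is written unconditionally in this branch.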

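An added example, not part of the original message or of the Debian package: a shell audit that makes the same comparison as the patch (systemd ListenStream= entries against the Listen directives in cupsd.conf), generalized to also recognise the [::], bare-port and Port forms. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the addresses systemd listens on with the ones
# cupsd.conf allows. Function names are hypothetical; sample files are constructed.

# Classify the ListenStream= lines of a socket drop-in: all, loopback, other, none.
socket_scope() {
    awk -F= '
        /^[ \t]*ListenStream=/ {
            addr = $2
            if (addr ~ /^\//) next                    # UNIX socket path, not a network listener
            sub(/:[0-9]+[ \t]*$/, "", addr)           # drop the ":port" suffix
            if (addr == "0.0.0.0" || addr == "[::]" || addr ~ /^[0-9]+$/) wild = 1
            else if (addr ~ /^127\./ || addr == "[::1]") loop = 1
            else other = 1
        }
        END { r = "none"; if (loop) r = "loopback"; if (other) r = "other"; if (wild) r = "all"; print r }' "$1"
}

# Classify the Listen/Port directives of cupsd.conf: network, loopback, none.
cupsd_scope() {
    awk '
        tolower($1) == "port" { net = 1 }             # Port N listens on every interface
        tolower($1) == "listen" {
            addr = $2
            if (addr ~ /^\//) next                    # UNIX domain socket
            sub(/:[0-9]+$/, "", addr)
            if (addr == "localhost" || addr ~ /^127\./ || addr == "[::1]") loop = 1
            else net = 1                              # "*", 0.0.0.0, a LAN address, ...
        }
        END { r = "none"; if (loop) r = "loopback"; if (net) r = "network"; print r }' "$1"
}

# $1 = socket drop-in, $2 = cupsd.conf; returns 1 on the mismatch reported in this bug.
audit_cups_listen() {
    s=$(socket_scope "$1"); c=$(cupsd_scope "$2")
    if [ "$s" = all ] && [ "$c" = loopback ]; then
        echo "MISMATCH: systemd accepts on all interfaces, cupsd.conf is loopback-only"
        return 1
    fi
    echo "ok: socket=$s cupsd=$c"
}

# Constructed samples: the drop-in quoted in the report, the patched one, a default-style cupsd.conf.
d=$(mktemp -d)
printf '[Socket]\nListenStream=0.0.0.0:631\nListenStream=[::]:631\n' >"$d/before.conf"
printf '[Socket]\nListenStream=127.0.0.1:631\nListenStream=[::1]:631\n' >"$d/after.conf"
printf '# constructed\nListen localhost:631\nListen /run/cups/cups.sock\n' >"$d/cupsd.conf"
audit_cups_listen "$d/before.conf" "$d/cupsd.conf" || true
audit_cups_listen "$d/after.conf" "$d/cupsd.conf"
```

On a real system the two arguments would be /etc/cups/cupsd-systemd-listen.conf and /etc/cups/cupsd.conf, the paths named in the report.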