Hi Mike, Matt is away this week so he'll probably have a more detailed response but in the meantime, I have a few comments/questions.
> I'm wondering if the intent of the cups userspace tools are to be > trusted programs? Specifically I'm curious about cupsaccept, cupsreject, > cupsenable and cupsdisable. The reason I ask is because if they are > supposed to be trusted programs, they don't generate unique audit > messages like other programs. I don't think these programs are trusted programs because all they do is talk to the cupsd, which is a trusted program. The cupsd makes all the decisions and takes all the actions. These programs (really just 'accept' as the rest I believe are symlinks to it) are not setuid and do not make any access or other decisions, at least that's my understanding. > Personally, I think these tools should generate messages since they are > a source for leaking information, and therefore should be restricted to > administrators. I think the real question is which actions should be audited. Should enabling/disabling a printer queue be audited? I don't believe its required to be and if its not security relevant, do we want it in the audit logs? Cups has a comprehensive logging facility so there is all kinds of information about happening with the print subsystem that I don't think we want to replicate in the audit logs, but perhaps there are more actions that would make sense to audit than we currently are auditing. Do you have specific examples of actions that you think should be audited aside from what's required for LSPP? -- ljk > > Thanks, > Mike > -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
