*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: cups

If I put this in cupsd.conf:

<Location />
  Allow all
  Require valid-user
  Order allow,deny
  Allow all
</Location>

I can still view most[1] cups URLs without being prompted for
credentials ([1] in /admin I have another Require directive that
actually works). I validated via /var/log/cups/access_log that my
browser isn't sending any cached credentials. It appears that "Require
valid-user" is completely ignored by cups.

However, if I modify this to "Require user swarren" or "Require user
@SYSTEM", those directives are honored, and I do have to enter
credentials in my browser simply to access /, as I desire.

** Affects: cups (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

-- 
cupsd.conf: "Require valid-user" ignored; other Require options work
https://bugs.launchpad.net/bugs/433797
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
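A configuration audit for the condition this report describes, as an added example that is not part of the report or of CUPS: it parses the `<Location>` blocks of a cupsd.conf and labels each by its `Require` directives, so blocks that depend on `Require valid-user` can be found and re-tested. The `/admin` and `/jobs` blocks, the function names and the labels are assumptions made for the example.

```python
# Constructed input: the reporter's "/" block, followed by two blocks made up
# for this example (the report does not show its /admin block).
import re

SAMPLE_CONF = """\
<Location />
  Allow all
  Require valid-user
  Order allow,deny
  Allow all
</Location>
<Location /admin>
  AuthType Basic
  Require user @SYSTEM
</Location>
<Location /jobs>
  Order allow,deny
</Location>
"""

def parse_locations(text):
    """Map each <Location> path to its (directive, value) pairs, in order."""
    locations, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Location\s+(\S+)\s*>$", line, re.I)
        if opened:
            current = locations.setdefault(opened.group(1), [])
        elif line.lower() == "</location>":
            current = None
        elif current is not None and not line.startswith("<"):
            # Directives inside a nested <Limit> count toward the Location.
            name, value = (line.split(None, 1) + [""])[:2]
            current.append((name.lower(), value))
    return locations

def audit(text):
    """Label each Location by how its Require directives restrict access."""
    findings = {}
    for path, directives in parse_locations(text).items():
        requires = [v.lower() for n, v in directives if n == "require"]
        if not requires:
            findings[path] = "no-require"   # no authentication requested
        elif "valid-user" in requires:
            findings[path] = "valid-user"   # the form this report says is ignored
        else:
            findings[path] = "explicit"     # e.g. "user @SYSTEM"
    return findings

if __name__ == "__main__":
    for path, label in audit(SAMPLE_CONF).items():
        print(f"{path}: {label}")
```

Any location labelled `valid-user` is worth confirming with an unauthenticated request and a look at /var/log/cups/access_log, as the reporter did.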