General statistics
List of Youtube channels
Youtube commenter search
Distinguished comments
About
Fook
The Lunduke Journal
comments
Comments by "Fook" (@slaapliedje) on "The "9.9" Linux Vulnerability Revealed: It's The Printers" video.
This feels similar to the print spooler issue Windows had a while back. Yeah, who knew, printing is the hole that keeps on opening...
11
@CommanderRiker0 Yeah, this is the stuff that makes Gnome / KDE instantly add any printer on the local network. The real question is... why does it need a daemon that is listening on port running as root? A daemon that does outward scans makes sense, but why would it need something to connect to? Printers should also be configurable by users rather than root.
3
@Gunstick I'm currently on Garuda Linux, which is arch based. cupsd runs as root. There is no lp user. Now if you've configured lpd, which from my understanding is ancient, then sure, it's probably running as the lp daemon. It all depends on the distribution, but most these days are likely to be running cupsd. The details of the exploit are online, so assuming you haven't already patched whichever distro you're running, you can test it out for yourself.
3
@entelin Who knows, I know you can get some that specifically have a 'printer sharing' function built i to them, but your average ISP supplied router doesn't have this functionality, or if it does, it doesn't have it on by default. There are some people who don't have a very complicated network and may set up their printer directly to their router so their other computers can connect to it. Back to it being like fax machines, parallel printers are more secure!
2
@Gunstick cups-browsed absolutely runs as root. You do know that anything under port 1000 needs some special stuff to not run as root, right? There isn't a need for privilege escalation, the privileges is already there because cups-browsed runs AS root. So you add a printer to it, that printer ppd file can have an executable command in it that foomatic-rip will execute... as root. This is likely why VINCE suggested this was a 9.9.
2
@Gunstick Right. I haven't checked Ubuntu, but Debian appears to be similar there, though it does look like lpd exists there, cupsd still runs as root. I just figured this all matches the Windows print spooler also being trash for security.
2