AW: [Desktop_printing] Role of CUPS and error handling

Johannes Meixner jsmeix at suse.de
Mon Mar 27 01:04:54 PST 2006


Hello,

On Mar 24 18:10 Kurt Pfeifle wrote (shortened):
> On Friday 24 March 2006 14:47, Michael Sweet wrote:
> > If SuSE uses SELinux in their distribution

As far as I know (I am no security expert) there are various
reasons why we don't have SELinux but AppArmor instead.


> marry CUPS and AppAmor

With sufficient support of "Amor" (English: "Cupid")
even AppArmor can have a great marriage ;-)

As far as I know (I am no security expert) AppArmor is only
a second line of defense and we don't like to give up too easily
on the first line.

The same applies for a firewall, see
http://en.opensuse.org/SDB:Printer_Configuration_from_SUSE_LINUX_9.0_on
------------------------------------------------------------------------
A correctly configured firewall may not be available in all scenarios. 
Therefore, cupsd itself must meet these security requirements.
------------------------------------------------------------------------
Think about special services to share files via Internet
which may cause problems with a secure firewall setup.
For whatever reason many unexperienced users may simply switch off
the firewall and then in particular the printing service is one
of the very few services (perhaps it is even the only one)
which is exposed to the Internet on almost any system.


Kind Regards
Johannes Meixner
-- 
SUSE LINUX Products GmbH, Maxfeldstrasse 5      Mail: jsmeix at suse.de
90409 Nuernberg, Germany                    WWW: http://www.suse.de/



More information about the Printing-summit mailing list