Project

General

Profile

Bug #6886

Maybe grant access to the local CUPS administration web page

Added by intrigeri almost 6 years ago. Updated almost 6 years ago.

Status:
Confirmed
Priority:
Low
Assignee:
-
Category:
Hardware support
Target version:
-
Start date:
03/08/2014
Due date:
% Done:

0%

Feature Branch:
Type of work:
Research
Blueprint:
Starter:
No
Affected tool:

Description

  • The firewall grants permission to 127.0.0.1:631 for the amnesia user. But the FoxyProxy settings in the regular browser send such connections through the Tor SOCKS proxy, that rejects it.
  • The Unsafe Browser's proxy settings would allow connecting to 127.0.0.1:631 just fine. But the firewall blocks that.

We should rethink this entirely.

First, do we want to allow access to this administration web page at all? On the one hand, it has had security issues in the past. On the other hand, some CUPS functionality cannot be accessed with the GNOME printing config interface, so to make some printers work optimally, one has to use the CUPS web administration interface.

Second, assuming we want to grant access to this administration web page somehow: do we want to grant access to the regular browser, or to the Unsafe Browser? This is related to Can requests to 127.0.0.1 be used to fingerprint the browser?, which indicates that we don't want to allow Tor Browser to connect to random ports on 127.0.0.1 (and Torbutton now empties no_proxies_on to this effect).


Related issues

Related to Tails - Feature #15167: Decide what to do with LAN traffic Confirmed 01/15/2018

History

#1 Updated by intrigeri almost 6 years ago

  • Description updated (diff)

#2 Updated by u almost 2 years ago

Also available in: Atom PDF