Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 3077 - smb print user's password stored in world-readable plaintext
Summary: smb print user's password stored in world-readable plaintext
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: printtool
Version: 6.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: David Lawrence
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-05-26 22:33 UTC by George Karabin
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-06-08 18:51:40 UTC


Attachments (Terms of Use)

Description George Karabin 1999-05-26 22:33:32 UTC
I have my machine configured to print to a print server
running on a Windows box. The password for the Windows
domain account that is used for printing appears to be
stored in plaintext in the following file, which is world
readable:

-r-xr--r--   1 root     root           83 May 24 09:22
/var/spool/lpd/lp/.config

I believe that this file is created by the printtool
package, but I haven't investigated very much.

It seems that the password ought to be encrypted no matter
what, and if there is no reason to leave it world readable,
I'd change the permissions from 0544 to 0540.

Comment 1 David Lawrence 1999-06-08 18:51:59 UTC
This may be changed for the next release but is not designed to be
used with the same username and password as a real linux account. A
warning message is generated from printtool explaining this when a SMB
printer is created. Please create a dummy account on the print server
for print jobs from the Linux box to be sent to so real user names and
passwords have to be used.


Note You need to log in before you can comment on or make changes to this bug.