On Tue, May 25, 2021 at 10:03:13AM +0200, Björn Persson wrote: > None of that answers the question: How can I tell whether the printer > I'm sending to is on an untrusted network, on an imaginary network > created for a USB printer, or on a 1980s-style isolated LAN? Will the > name of the network interface be displayed when I choose a printer? > Will there at least be a visible difference between a permanently > configured printer and an auto-found printer, so I can continue to have > my printer configured and know that I'm sending to that one?
If the printer is not on a local [1] network, then it won't appear
automagically. Those that do appear show up as "queuename at host" or
"mfg_model_hostname" (for native IPP printers, there's usually a partial
MAC address in there by default too) Queues you create
manually/permanently can be called whatever you want and point wherever
you want. The standard GTK print dialog doesn't include any indication
where a given printer identifier points, but others might.
> Do I need to explain, detail by detail, the errors in the reasoning
> "People don't print on untrusted networks. Therefore any network with a
> printer on it is trusted.", or can people see the logical flaws on
> their own?
Trusted or not, "people need to print to something on their local
network" is the overwhelmingly common use case.
Meanwhile, CUPS's auto-discovery mechanisms have _always_ assumed the
local network can be trusted. And if you don't trust the network,
firewall off mDNS/browsed/whatever, and/or don't print to printers you
don't recognize.
Sure, someone could be spoofing a specific printer name/identifier just
so they can capture a document *you* want to print, but if there's that
level of persistant hostile presence on your local network, you're
already completly screwed.
[1] "local" means the local broadcast domain.
- Solomon
--
Solomon Peachy pizza at shaftnet dot org (email&xmpp)
@pizza:shaftnet dot org (matrix)
High Springs, FL speachy (freenode)
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
