Bug #6886
Maybe grant access to the local CUPS administration web page
0%
Description
- The firewall grants permission to 127.0.0.1:631 for the
amnesia
user. But the FoxyProxy settings in the regular browser send such connections through the Tor SOCKS proxy, that rejects it. - The Unsafe Browser’s proxy settings would allow connecting to 127.0.0.1:631 just fine. But the firewall blocks that.
We should rethink this entirely.
First, do we want to allow access to this administration web page at all? On the one hand, it has had security issues in the past. On the other hand, some CUPS functionality cannot be accessed with the GNOME printing config interface, so to make some printers work optimally, one has to use the CUPS web administration interface.
Second, assuming we want to grant access to this administration web page somehow: do we want to grant access to the regular browser, or to the Unsafe Browser? This is related to Can requests to 127.0.0.1 be used to fingerprint the browser?, which indicates that we don’t want to allow Tor Browser to connect to random ports on 127.0.0.1 (and Torbutton now empties no_proxies_on
to this effect).
Subtasks
Related issues
Related to Tails - Feature #15167: Decide what to do with LAN traffic | Confirmed | 2018-01-15 |
History
#1 Updated by intrigeri 2014-03-08 10:51:08
- Description updated
#2 Updated by Anonymous 2018-01-19 14:37:48
- related to Feature #15167: Decide what to do with LAN traffic added