Bug #6886

Maybe grant access to the local CUPS administration web page

Added by intrigeri 2014-03-08 10:20:48 . Updated 2014-03-08 10:51:08 .

Status:
Confirmed
Priority:
Low
Assignee:
Category:
Hardware support
Target version:
Start date:
2014-03-08
Due date:
% Done:

0%

Feature Branch:
Type of work:
Research
Blueprint:

Starter:
0
Affected tool:
Deliverable for:

Description

  • The firewall grants permission to 127.0.0.1:631 for the amnesia user. But the FoxyProxy settings in the regular browser send such connections through the Tor SOCKS proxy, that rejects it.
  • The Unsafe Browser’s proxy settings would allow connecting to 127.0.0.1:631 just fine. But the firewall blocks that.

We should rethink this entirely.

First, do we want to allow access to this administration web page at all? On the one hand, it has had security issues in the past. On the other hand, some CUPS functionality cannot be accessed with the GNOME printing config interface, so to make some printers work optimally, one has to use the CUPS web administration interface.

Second, assuming we want to grant access to this administration web page somehow: do we want to grant access to the regular browser, or to the Unsafe Browser? This is related to Can requests to 127.0.0.1 be used to fingerprint the browser?, which indicates that we don’t want to allow Tor Browser to connect to random ports on 127.0.0.1 (and Torbutton now empties no_proxies_on to this effect).

Subtasks

Related issues

Related to Tails - Feature #15167: Decide what to do with LAN traffic Confirmed 2018-01-15

History

#1 Updated by intrigeri 2014-03-08 10:51:08

  • Description updated

#2 Updated by Anonymous 2018-01-19 14:37:48