[SOLVED] localhost631 (cups) opera warns admin password will be sent unencrypted?
To do anything worthwhile in the cups http interface I always need to enter my root password... I never thought much about it when I went there with Firefox. But I recently happened to be running opera when I wanted to change the printer default option to grayscale, but when the admin login prompt popped up, opera warns in red letters,
"Your password will be sent unencrypted"
I'm not really sure I understand this correctly, but even if opera's warning is correct and when I login as root to localhost631 to change some printer settings, and my root password really is always sent without encryption, I'm hoping that since localhost is in fact the computer I'm running, this unencrypted transmission should be rather difficult for somebody to acquire my root password from????
I mean I find it hard to believe that the official cups interface would really want to expose the admin password.
Since the 'connection' is not traveling over any wires etc. the risk is about the same as entering your password at any other time except in one way. Any process 'listening' on local host can grab the password whereas in most situations the only way would be to scan the keyboard.
The good (and bad) news is, if you have malware running on your system that would use this for the wrong reason, (e.g. a rootkit) you already have a compromised system with a much greater security risk.
But you should not be running as root to begin with. You should be using your user password which limits exposure to root processes and provides better options for tracking unauthorised use. (which is probably what you meant by 'root' password right?)
Original Poster
Quote:
Originally Posted by glue
Since the 'connection' is not traveling over any wires etc. the risk is about the same as entering your password at any other time except in one way. Any process 'listening' on local host can grab the password whereas in most situations the only way would be to scan the keyboard.
Methinks anyone good enough to hack into a Linux system, is probably good enough to scan the keyboard so I don't think I'll worry too much about that diff...
Quote:
Originally Posted by glue
The good (and bad) news is, if you have malware running on your system that would use this for the wrong reason, (e.g. a rootkit) you already have a compromised system with a much greater security risk.
Yup. Not too sure how I'd know if my system was so compromised... But unless Firefox and/or opera will install a "rootkit" if I click on the wrong link? I doubt my system is overly at risk...
Quote:
Originally Posted by glue
But you should not be running as root to begin with. You should be using your user password which limits exposure to root processes and provides better options for tracking unauthorised use. (which is probably what you meant by 'root' password right?)
Actually here I have a slightly different theory... I agree that running as root is a dumb idea. But I always "have" a root account {even on Ubuntu systems} and set targetpw in the sudoers file on the theory that using the same "generic" password that I type as often as I do my basic login password is something that sooner or later I'll get too lazy to remember to make sure nobody is looking over my shoulder... I mean it's not like somebody has to wait till I'm doing a root function to see me typing in the regular password. Whereas when I'm about to do root level functions, I treat it like a loaded gun. It's dangerous, worthy of extra caution. I tend to look behind me first. If the developers who say we shouldn't use root's password to do root functions, figured out how to give users a two level password system so that the sudo password would be neither root's nor the one used just to login quickly to check for new mail before leaving for the day, I'd want to know about it...
But in any case thanks for putting my mind at ease about the cups interface.
Actually, it's fairly easy to set up a regular user as a "Print Administrator" -- the key is the SystemGroup directive in /etc/cups/cupsd.conf
For example, if it's
SystemGroup sys root
You could add desired print admins to the sys group with a command like
groupmod -G sys user1
Of course, it may be better to use the pre-existing lp group for that purpose -- add that to the SystemGroup directive, and then use the groupmod command to add desired users to that group.
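Added example (not part of any post in this thread): a small audit of a cupsd.conf that reports the two things the discussion turns on, whether the web interface is reachable from anywhere other than the local machine and which groups SystemGroup makes print administrators. The sample configuration is constructed; Listen, Port and DefaultEncryption are cupsd.conf directives not mentioned in the thread, and newer CUPS releases keep SystemGroup in cups-files.conf instead.

```python
import ipaddress

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
# constructed sample cupsd.conf
Listen localhost:631
Listen 192.168.1.10:631
Listen /run/cups/cups.sock
SystemGroup sys root lp
DefaultEncryption IfRequested
<Location /admin>
  Order allow,deny
</Location>
"""

def is_loopback(listen_value):
    """True if a Listen value is a Unix socket or a loopback address."""
    if listen_value.startswith("/"):          # Unix domain socket path
        return True
    host = listen_value.rsplit(":", 1)[0].strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                        # "*" or a hostname: treat as exposed
        return False

def audit_cupsd_conf(text):
    """Collect the directives that decide who can reach or use the admin login."""
    result = {"exposed_listeners": [], "system_groups": [], "default_encryption": None}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("<"):  # skip blanks and <Location> tags
            continue
        parts = line.split()
        key, args = parts[0].lower(), parts[1:]
        if key == "listen" and args and not is_loopback(args[0]):
            result["exposed_listeners"].append(args[0])
        elif key == "port" and args:          # Port N listens on every interface
            result["exposed_listeners"].append("*:" + args[0])
        elif key == "systemgroup":
            result["system_groups"].extend(args)
        elif key == "defaultencryption" and args:
            result["default_encryption"] = args[0]
    return result

if __name__ == "__main__":
    print(audit_cupsd_conf(SAMPLE_CONF))
```

An empty exposed_listeners list means the admin password only ever crosses the loopback interface or a Unix socket; any entry there is a listener where an unencrypted login would travel over the network.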