Robert Marcano via devel wrote:
The admin can implement CUPS
authentication but an ipp://localhost:60000 open port entirely open to
anyone on the local machine to submit print jobs directly bypassing CUPS.
In that case it's also accessible to all the untrusted Javascript junk
that regularly runs in the user's browser. Because IPP is built on HTTP,
a Javascript program can tell the browser to send an IPP request. What
has been done to secure those "virtual printer devices" against DNS
rebinding attacks?
https://en.wikipedia.org/wiki/DNS_rebinding
Considering the attitude to security I've seen from CUPS before, I
won't be surprised if they just assume that someone else will protect
them from DNS rebinding attacks.
Björn Persson