On Tue, May 25, 2021 at 10:03:13AM +0200, Björn Persson wrote:
> None of that answers the question: How can I tell whether the printer I'm sending to is on an untrusted network, on an imaginary network created for a USB printer, or on a 1980s-style isolated LAN? Will the name of the network interface be displayed when I choose a printer? Will there at least be a visible difference between a permanently configured printer and an auto-found printer, so I can continue to have my printer configured and know that I'm sending to that one?
If the printer is not on a local [1] network, then it won't appear automagically. Those that do appear show up as "queuename at host" or "mfg_model_hostname" (for native IPP printers, there's usually a partial MAC address in there by default too). Queues you create manually/permanently can be called whatever you want and point wherever you want. The standard GTK print dialog doesn't include any indication where a given printer identifier points, but others might.
> Do I need to explain, detail by detail, the errors in the reasoning "People don't print on untrusted networks. Therefore any network with a printer on it is trusted.", or can people see the logical flaws on their own?
Trusted or not, "people need to print to something on their local network" is the overwhelmingly common use case.
Meanwhile, CUPS's auto-discovery mechanisms have _always_ assumed the local network can be trusted. And if you don't trust the network, firewall off mDNS/browsed/whatever, and/or don't print to printers you don't recognize.
Sure, someone could be spoofing a specific printer name/identifier just so they can capture a document *you* want to print, but if there's that level of persistent hostile presence on your local network, you're already completely screwed.
[1] "local" means the local broadcast domain.
- Solomon
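
An added example, not part of the original message or of CUPS itself: since the print dialog may not show where a queue points, the device URIs reported by `lpstat -v` can be sorted into queues whose destination is found through discovery at print time and queues pinned to a fixed address. The sample output, queue names, hosts and category labels are constructed for illustration, and the `device for NAME: URI` line format assumes the C locale.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of `LC_ALL=C lpstat -v` output (names and hosts are made up).
SAMPLE_LPSTAT_V = """\
device for office_laser: ipps://printer.example.internal:631/ipp/print
device for HP_LaserJet_M404_1A2B3C: implicitclass://HP_LaserJet_M404_1A2B3C/
device for Brother_HL_L2350DW: dnssd://Brother%20HL-L2350DW._ipp._tcp.local/
device for kitchen: ipp://kitchen-printer.local:631/ipp/print
device for desk_inkjet: usb://Canon/MG3600?serial=000000
device for old_queue: socket://192.0.2.10:9100
"""

DISCOVERY_SCHEMES = {"dnssd", "implicitclass"}   # DNS-SD backend, cups-browsed
DIRECT_SCHEMES = {"usb", "parallel", "serial"}   # locally attached devices
NETWORK_SCHEMES = {"ipp", "ipps", "http", "https", "socket", "lpd", "smb"}
LINE_RE = re.compile(r"^device for (?P<queue>[^:]+): (?P<uri>\S+)$")


def classify(uri):
    """Label a device URI by how its destination is located (labels are ours)."""
    parts = urlsplit(uri)
    host = parts.hostname or ""
    # A .local host name is resolved over mDNS, so it also depends on
    # whoever answers on the local broadcast domain.
    if parts.scheme in DISCOVERY_SCHEMES or host.endswith(".local"):
        return "discovery"
    if parts.scheme in DIRECT_SCHEMES:
        return "direct"
    if parts.scheme in NETWORK_SCHEMES and host:
        return "fixed"
    return "other"


def parse_lpstat_v(text):
    """Return {queue: (category, uri)} for every 'device for' line."""
    queues = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            queues[m.group("queue")] = (classify(m.group("uri")), m.group("uri"))
    return queues


if __name__ == "__main__":
    for name, (kind, uri) in parse_lpstat_v(SAMPLE_LPSTAT_V).items():
        print(f"{kind:10} {name:28} {uri}")
```

Queues labelled `discovery` are the ones whose target depends on what answers on the local broadcast domain; `fixed` queues go to the configured address regardless of what is advertised.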