Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s
Yes, but exactly that was/is the issue of this bug. cups-browsed was attaching itself to every available IP on the system.
And cups-browsed can’t only be bind to localhost, it would defeat the whole purpose of that tool. For it to be able to find other printers in the network it needs to be bound to a non-localhost-IP address.
So, not much to sandbox
Honestly it isn’t a big deal if you just use it on local host. Just make sure cups is sandboxes like it should be. (Systemd)
Yes, but exactly that was/is the issue of this bug. cups-browsed was attaching itself to every available IP on the system. And cups-browsed can’t only be bind to localhost, it would defeat the whole purpose of that tool. For it to be able to find other printers in the network it needs to be bound to a non-localhost-IP address. So, not much to sandbox