cloudprint needs security review to use it as implementation sample for gnome-settings-daemon

Bug #889018 reported by Till Kamppeter on 2011-11-11
This bug affects 2 people
Affects Status Importance Assigned to Milestone
cloudprint (Ubuntu)

Bug Description

On the UDS P we decided to integrate Google Cloud Print in Ubuntu Precise by making it easy to share out the local printers to the Google cloud. For the user daemon to do this we decided on the lightweight cloudprint (and not on the Google Chrome browser). Therefore cloudprint needs to get into Main.

See the Blueprint:

The package is currently available in Ubuntu Universe.

No security vulnerabilities are known on CVE and Secunia.

The package does not have any GUI, it is pure command line. So it needs neither translations nor .desktop files. The use of the command line interface is described in a man page. The package is a user daemon and so it needs user interaction only for setup, after that it is simply running in the background. GUI for setup is planned to be added to GNOME Control Center, see bug 888981.

Packaging and package installation is straightforward. debconf is not used. The packaging fulfills all Debian/Ubuntu packaging standards, including a comment-only debian/watch file.

All dependencies are in Main already.

No major bugs are known. The package survived also well a stress testing on a machine with ~100 print queues.

No special hardware is required, any printer (including virtual cups-pdf printer) is exported into the cloud by any kind of machine connected to the internet.

The package is maintained upstream. The upstream author has accepted my patches which have fixed important bugs.

Changed in cloudprint (Ubuntu):
importance: Undecided → Medium
Martin Pitt (pitti) wrote :

I'd appreciate a thorough review from the security team for this. This is the kind of package which exposes user data, credentials, open ports, and local hardware to the network, and thus should be scrutinized before we let it into main and the default installation.

Changed in cloudprint (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
Till Kamppeter (till-kamppeter) wrote :

Additional note: Local printers do not get shared to the public, only to the user's Google account, and the user has also to log into his Google account on the client (mobile device) to be able to print. So assuming all software components (client software on mobile, cloud print server at Google, Google Cloud Print implementation on Ubuntu) are secure enough, cloud printing should be secure and not allow third parties to print or to read out private data.

Security review of our components is naturally needed.

Martin Pitt (pitti) wrote :

The current cloudprint package uses the deprecated python-support, this needs moving to dh_python2. Also, I really want to avoid running yet another python daemon in the user session. Can this be rewritten in C, Vala, or integrated into gnome-settings-daemon etc.? We just try to get rid of the two other Python daemons that we have (zeitgeist, which is already written in C upstream, and system-config-printer's, which Lars wants to change to only start on demand).

Rodrigo Moya (rodrigo-moya) wrote :

Yes, I don't think we need cloudprint at all, we can perfectly have this functionality in g-s-d. It would be great though to have a security review of the current cloudprint.

Till Kamppeter (till-kamppeter) wrote :

Retargeting bug report:

We do not need the MIR of cloudprint any more as we will implement its functionality in gnome-settings-daemon. What we need is a security review of cloudprint to see whether its methods can get implemented in the same way in g-s-d, or whether additional security aspects have to be taken into account.

summary: - [MIR] cloudprint
+ cloudprint needs security review to use it as implementation sample for
+ gnome-settings-daemon
Till Kamppeter (till-kamppeter) wrote :

We will consider this bug as "Fix Released" when the security review results are posted here.

Jamie Strandboge (jdstrand) wrote :

I'm sorry, but I'm confused. This says that cloudprint is not needed, but we want a security team review anyway? This will take at least 1-2 full days to review and I'd rather only do that if it is actually required. Can you elaborate what exactly is required? Thanks

Changed in cloudprint (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → Jamie Strandboge (jdstrand)
status: New → Incomplete
Till Kamppeter (till-kamppeter) wrote :

Jamie, the idea is the following: We want to add Google Cloud Print support in the gnome-settings-daemon, but we do not yet know how the exchange protocol between the print server (the Ubuntu machine running CUPS, at the user's home or office) and the Google Cloud Print server works. So we will use cloudprint as a sample implementation for the Google Cloud Print access. Where we would like to have the help of the security team is to review cloudprint and check whether the implementation is sufficiently secure and if not, where improvement is needed, so that the g-s-d implementation will be done in a secure way right from the beginning.

Changed in cloudprint (Ubuntu):
status: Incomplete → New
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cloudprint (Ubuntu):
status: New → Confirmed
Changed in cloudprint (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Related blueprints