Bug 14196 - "disable spoolss" needs to also disable winspool (when implemented)
Summary: "disable spoolss" needs to also disable winspool (when implemented)
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Printing (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
Depends on:
Reported: 2019-11-13 03:21 UTC by Andrew Bartlett
Modified: 2019-11-29 19:04 UTC (History)
3 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2019-11-13 03:21:06 UTC
"disable spoolss" is an important parameter to reduce the attack surface of a Samba installation that does not do printing.

However it does not appear to disable winspool (at least not in "is_known_pathname()", despite being implemented substantially in terms of spoolss.
Comment 1 Andrew Bartlett 2019-11-29 18:39:12 UTC
Or alternately, winspool does not appear to be enabled at all, but if it gets enabled it needs to honour this.
Comment 2 Andrew Bartlett 2019-11-29 19:04:37 UTC
On further investigation this looks like an incomplete feature.

In this WIP branch on current master:

s3-iremotewinspool: start iremotewinspool server by default.

 does the right thing.