Bug 14196 - "disable spoolss" needs to also disable winspool (when implemented)
Status: ASSIGNED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Printing
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
Reported: 2019-11-13 03:21 UTC by Andrew Bartlett
Modified: 2019-11-29 19:04 UTC

Description Andrew Bartlett 2019-11-13 03:21:06 UTC
"disable spoolss" is an important parameter to reduce the attack surface of a Samba installation that does not do printing.

However, it does not appear to disable winspool (at least not in "is_known_pathname()"), despite being implemented substantially in terms of spoolss.
Comment 1 Andrew Bartlett 2019-11-29 18:39:12 UTC
Or alternately, winspool does not appear to be enabled at all, but if it gets enabled it needs to honour this.
Comment 2 Andrew Bartlett 2019-11-29 19:04:37 UTC
On further investigation this looks like an incomplete feature.

In this WIP branch on current master:
https://git.samba.org/?p=gd/wireshark/.git;a=shortlog;h=refs/heads/master-iremotewinspool

s3-iremotewinspool: start iremotewinspool server by default.
https://git.samba.org/?p=gd/samba/.git;a=commitdiff;h=f6f7744ba0935bd21e0f5df83a3b6d9411f2d6c0

does the right thing.