RFE: Support discovery of printer applications on domain sockets #76
Comments
michaelrsweet
changed the title
|
I updated the title of the bug to reflect what is being asked for. In short, @DemiMarie mentioned this on the Apple CUPS issue tracker and I asked her to submit an issue here so we can track support for printer applications that are accessible via domain sockets. Ideally we should be able to publish (somewhere) a list of domain sockets representing local printer applications that are running, and then the CUPS dests API will be able to use Get-Printers requests to include all of the printers in the list of destinations, as if they were discovered via DNS-SD. |
|
There could be to ways to handle it. Since we are localhost so we could do this via other protocols or via directory structure. |
|
This is also necessary to support IPP-USB on AF_UNIX without firewall hacks. |
|
@DemiMarie I don't see how we can support an IPP-USB proxy/gateway over domain sockets and still support access to the printer's web page to configure things, clean print heads, etc. |
A browser in a separate network namespace with a TCP ⇔ AF_UNIX proxy in the network namespace is one approach. A program that embeds WebKitGTK and overrides its URL handling is another. |
Using TCP sockets on localhost raises concerns about local privilege escalation attacks. AF_UNIX sockets are more efficient and more secure.
Advertising AF_UNIX sockets over DNS-SD makes little sense, and accepting such an advertisement has its own security concerns. Specifying the AF_UNIX socket in a configuration file is more logical, IMO.
The text was updated successfully, but these errors were encountered: