thestinger
commented
1 month ago This shouldn't add any remote attack surface and no significant local attack surface either since it's more sandboxed than the apps themselves.
Closed Lppsoeht closed 4 weeks ago
thestinger
commented
1 month ago This shouldn't add any remote attack surface and no significant local attack surface either since it's more sandboxed than the apps themselves.
Lppsoeht
commented
1 month ago This shouldn't add any remote attack surface and no significant local attack surface either since it's more sandboxed than the apps themselves.
Is it not still a "mostly useless" service running in background? I mean, even without using it, still consumes a little battery life overtime. Nothing outstanding of course.
thestinger
commented
1 month ago It doesn't ever run unless it's used by an app. The code is just available to be used.
Lppsoeht
commented
4 weeks ago This shouldn't add any remote attack surface and no significant local attack surface either since it's more sandboxed than the apps themselves.
https://github.com/advisories/GHSA-6hgf-r98c-j43p https://vuldb.com/?id.243929 It had some weakness so I still suggest giving the option to disable it by default on new user creation
thestinger
commented
4 weeks ago Those are local vulnerabilities exploitable by apps and they don't really give apps any more access beyond that they could spy on what other apps send to the print service since it is contained itself. That's what I described above.
I'm sure there are other settings that some users would prefer to be disabled by default at the user creation, but I really never had to use the print service with a mobile device. If that's not the case for most people then a page for unticking some services enabled by default on a new setup wizardpage would be great. In this case I'll gladly add the feature request there.