Package: irssi-text
Version: 0.8.9-3.1
Followup-For: Bug #330602
It also happens on unstable's latest irssi-text package and when loading
ANY script - even an empty file or just typing /script exec 1.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy:
Package: linux-image-2.6.12-1-powerpc
Version: 2.6.12-10
Severity: critical
Tags: security
Justification: root security hole
The non-suid command loadkeys can be used by any local user having
console access. It does not just apply to the current virtual console
but to all virtual consoles and
Scripsis, quam aut quem »Krzysztof Halasa« appellare soleo:
Horms [EMAIL PROTECTED] writes:
Then log out and let root login (in a computer pool, you can usually get
an admin to log on as root on a console somehow). The next time he'll
press TAB to complete a file name, he instead will run
Scripsis, quam aut quem »Krzysztof Halasa« appellare soleo:
Rudolf Polzer [EMAIL PROTECTED] writes:
That does not help against the loadkeys issue if the attacking user is still
logged in on another virtual console. Even when tty1 is active, a user
owning
tty6 can use loadkeys.
Sure
Scripsis, quam aut quem »Krzysztof Halasa« appellare soleo:
Rudolf Polzer [EMAIL PROTECTED] writes:
However, pool computers like in this case are neither servers nor
terminals. If they were terminals, we would need about 30 servers to
handle the load of 100 active students. So
Scripsis, quam aut quem »Krzysztof Halasa« appellare soleo:
Rudolf Polzer [EMAIL PROTECTED] writes:
Ok. So they are exposed to known attacks with quite high probability.
Which others? Are there other places that assume only trusted users can
access
the console?
Probably: BIOS
Scripsis, quam aut quem »Krzysztof Halasa« appellare soleo:
Rudolf Polzer [EMAIL PROTECTED] writes:
That's the only thing that might actually work - an inductive device wrapped
around the keyboard cable. But I've never seen those available ready to buy.
There are simpler designs - it's
/csprogs.dat/menu.dat files generated by its compilation in our
xonotic-data pk3 file.
Best regards,
Rudolf Polzer
Package: linux-headers-amd64
Version: 4.11.0-2-amd64
this package is missing
Package: mawk
Version: 1.3.3-17
Severity: minor
Dear Maintainer,
What led up to the situation?
Discovered the issue when searching Debian Code Search for "19%y".
* What exactly did you do (or not do) that was effective (or
ineffective)?
sh /usr/share/doc/mawk/examples/hical
*
>> So I updated /etc/apparmor.d/usr.sbin.cupsd
>> and the pdf printing works.
>
> With what did you update it?
>
In /etc/apparmor.d/usr.sbin.cupsd, below the line
/usr/lib/cups/backend/cups-pdf {
I added the line
capability mknod,
and I changed two lines from
@{HOME}/PDF/ rw,
/usr/sbin/lpinfo -m | grep ^lsb
returns nothing here.
I used /usr/share/ppd/cups-pdf/CUPS-PDF_opt.ppd
The other file there (noopt instead of opt) works as well.
> /usr/share/ppd/ should contain at least cups-pdf, cupsfilters and custom
> directories. The cupsfilters directory should have six files in it. If
> you do 'lpinfo -m | less' and search for any of these files, do you find
> them? (Check, as root, that the timestamp of /var/cache/cups/ppds.dat has
Here,
#lpinfo -m | grep -E "PDF|pdf"
returns nothing.
#lpinfo -m
returns none of the files from /usr/share/ppd/cupsfilters
This is my /etc/apt/sources.list, I am updating three or four times a year:
deb http://ftp.uni-erlangen.de/debian/ stretch main
deb-src http://ftp.uni-erlangen.de/debian/
> 1. Please do
>
>cp /usr/share/ppd/cups-pdf/CUPS-PDF_noopt.ppd
> /usr/share/ppd/custom/test.ppd
>
>(test.ppd can be deleted later on).
>
> 2. Activate debug logging as described at
>
>
> https://wiki.debian.org/DissectingandDebuggingtheCUPSPrintingSystem#The_CUPS_Error_Log
>
>
the result is a bit lengthy, you can download it from
http://i-r-p.de/tmp/error_log.txt
I deleted the symlink. Now,
# lpinfo -m | grep ^lsb
returns
lsb/usr/cupsfilters/Fuji_Xerox-DocuPrint_CM305_df-PDF.ppd Fuji Xerox
lsb/usr/MFC7360N.ppd Brother MFC7360N for CUPS
lsb/usr/cups-pdf/CUPS-PDF_noopt.ppd Generic CUPS-PDF Printer (no options)
lsb/usr/cups-pdf/CUPS-PDF_opt.ppd Generic
Hi Brian,
thank you very much for your assistance.
Rudolf
> Post the output of 'ls -l /usr/share/ppd' and say from where you got the
> package containing the samsung files.
ls -l /usr/share/ppd returns
drwxr-xr-x 2 root root 4096 Jan 2 13:13 cupsfilters
drwxr-xr-x 2 root root 4096 Jan 3 10:26 cups-pdf
drwxrwsr-t 2 root lpadmin 4096 Jan 8
> The cupsctl command should show "_debug_logging=1".
Before, I used
cupsctl --debug-logging
which returned no errors - now I retried with
cupsctl LogLevel=debug1
and this finally gives an error_log:
E [08/Jan/2018:14:31:48 +0100] [cups-driverd] Bad driver information
file
same as before, /var/log/cups/error_log is empty
#cupsctl LogLevel=debug
#systemctl restart cups
#>/var/log/cups/error_log
#lpinfo -m
then /var/log/cups/error_log contains
I [08/Jan/2018:16:41:25 +0100] Expiring subscriptions...
I [08/Jan/2018:16:41:26 +0100] Expiring subscriptions...
I [08/Jan/2018:16:41:27 +0100] Expiring subscriptions...
I
Package: printer-driver-cups-pdf
Version: 3.0.1-4
Severity: grave
Justification: renders package unusable
-- System Information:
Debian Release: buster/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign
.
Rudolf Polzer
Package: libqt5serialport5
Version: 5.7.1 is available, 5.9.x is missing
I run Debian stable and need libqt5serialport5 version 5.9 instead of
5.7 - other parts of Debian stable do not accept qt5 version lower than 5.9
Which driver package are you using?
I am not sure what you mean by driver package.
In the cups web interface, I select
- USB connection
- Samsung
- Samsung CL-310 Series (SPL-C) (en)
Regards,
Rudolf
Package: printer-driver-cups-pdf
Version: 3.0.1-5
Severity: normal
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags:
Try the printer-driver-foo2zjs package.
This works - the printer is running again.
Thank you, Brian!
Rudolf
Subject: cups: Samsung CLP315 fails after update from Stretch to Buster
Package: cups
Version: 2.2.10-6
Severity: normal
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux
Hi intrigeri,
please make a suggestion how I should now proceed to get pdf printing
running on my stable Debian, because selecting a subdirectory of home
doesn't work - I get the same error message as before.
Regards,
Rudolf
Hello Intrigeri,
no, this is not included in /etc/apparmor.d/usr.sbin.cupsd.
Regards,
Rudolf Polzer
Am 11.12.19 um 07:50 schrieb intrigeri:
Does your /etc/apparmor.d/usr.sbin.cupsd end with these lines:
# allow read and write on almost anything in @{HOME} (lenient, but
# private
For me it is still not working, because I changed
/etc/cups/cups-pdf.conf
from
Out ${HOME}/Transport
to
Out ${HOME}
and get the error message
audit[5146]: AVC apparmor="DENIED" operation="mknod"
profile="/usr/lib/cups/backend/cups-pdf" name="/home/rudi/home_rudi.pdf"
pid=5146 comm="gs"
Package: installation-reports
Severity: normal
X-Debbugs-Cc: divver...@gmail.com
Boot method: USB
Image version: firmware-testing-amd64-netinst.iso
Date: 2021-10-10
Machine: Acer Switch V 10 (SW5-017P)
Partitions:
Number Start End SizeFile system Name Flags
1 1049kB 538MB
33 matches
Mail list logo