LPRng: ANNOUNCEMENT: Foomatic 3.0.2 released!
Oi, this is Foomatic 3.0.2, the third stable release in the Foomatic 3.0.x series. This is a bug fix release, especially to fix a security problem in foomatic-rip. It was possible to make foomatic-rip executing arbitrary commands as the user lp (or however the spooler's special user is called) on the print server. The securoty advisory ID of this problem is CAN-2004-0801. Other fixes are: Workaround for PostScript generation bug in all OpenOffice.org 1.1.x versions, compatibility fix of manufacturer names in the the generated PPDs with the Adobe specs, usage of Gimp-Print instead of GIMP-Print, and more. Give your comments and suggestions for the further development on the Foomatic Development List/Newsgroup on linuxprinting.org. See details and how to proceed below. Happy printing! Till Changes --- - Some fixes to make foomatic-rip more robust against weird input via the command line or environment variables are done. This solves the problem of an attacker being able to run arbitrary commands as lp (or however the spooler's special user is named) on the print server (Security Advisory CAN-2004-0801). - Workaround for PostScript generation bug in all OpenOffice.org 1.1.x versions. - Let the PPD generator use the manufacturer as defined in the Foomatic database and not the one from the IEEE-1284 auto-detection ID string for the *Manufacturer: ... tag of the PPD files, as in the IDs the manufacturer names often do not comply with the Adobe specs (as Hewlett-Packard, HP has to be used. - Replaced GIMP-Print by Gimp-Print in all texts in the Foomatic database, the software and the linuxprinting.org web site. - Compatibility fixes for newest gcc. - Read paper size with unit out of the driverval (needed for Omni), restrict paper sizes in the PPD to 2 digits after the decimal point. - Let options for red and blue ink settings (of Gimp-Print) be correctly sorted in in the PPD files. Packages The release consists of two packages: http://www.linuxprinting.org/download/foomatic/foomatic-filters-3.0.2.tar.gz http://www.linuxprinting.org/download/foomatic/foomatic-db-engine-3.0.2.tar.gz It is recommended to also update foomatic-db and foomatic-db-hpijs from the CVS or from http://www.linuxprinting.org/download/foomatic/ (daily snapshots look for the -current files). As the database is regularly updated for new printers and drivers, there are no special releases for it, please use the last daily snapshot for distributions (the date can be considered as version number). foomatic-db-hpijs releases are coupled with releases of HPIJS (http://hpinkjet.sf.net/). The packages should be installed in the following order: 1. foomatic-filters 2. foomatic-db 3. foomatic-db-hpijs 4. foomatic-db-engine Please read the USAGE files to know how to install and use these packages. You do not necessarily need to install foomatic-db-hpijs, you only need it when you want to use a printer with the HPIJS driver. Uninstall any old version of Foomatic before you install these packages. To set up print queues for any supported spooler (CUPS, LPRng, LPD, GNUlpr, PPR, PDQ, CPS, no spooler) use foomatic-configure as described in the USAGE file of foomatic-db-engine. You can set up printer queues based on the Foomatic database, with PPD files for PostScript printers, with CUPS raster drivers, or raw queues. This is possible for all spoolers. You can also print a wide range of file types with every spooler (when you use LPRng, LPD, GNUlpr, PDQ, CPS, or no spooler you need a2ps on your machine). If you want to know how all this works, see the README files of both the foomatic-db-engine and foomatic-filters packages. Web site Alternatively you can download all what you need for setting up a print queue from the web. Go simply to the usual site: http://www.linuxprinting.org/ - YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRng MAILING LIST The address you post from or your Reply-To address MUST be your subscription address If you need help, send email to [EMAIL PROTECTED] (or lprng-requests or lprng-digest-requests) with the word 'help' in the body. To subscribe to a list with name LIST, send mail to [EMAIL PROTECTED] with: | example: subscribe LIST mailaddr | subscribe lprng-digest [EMAIL PROTECTED] unsubscribe LIST mailaddr | unsubscribe lprng [EMAIL PROTECTED] If you have major problems, call Patrick Powell or one of the friendly staff at Astart Technologies for help. Astart also does support for LPRng. Also, check the Web Page at: http://www.lprng.com for any announcements. Astart Technologies (LPRng - Print Spooler http://www.lprng.com) 6741 Convoy Court San Diego, CA 92111 858-874-6543 FAX 858-751-2435 -
LPRng: Using /dev/fd/0 and learning from (bad) experiences
/dev/fd/0 Considered Harmful Patrick (No good deed goes unpunished) Powell papowell _AT_ astart _dot_ com Preface: After writing the first draft of this article, I started looking at various archives for discussion about /dev/fd/0 support in various operating systems. In the foomatic-developer mailing lists there was a discussion about the differences between using /dev/fd/0 and '-' as input file specifications for GhostScript and other programs. This issue strikes again. Read on and weep, gnash your teeth, or laugh at me as you find suitable. And then look at the code that you have been writing and weep, gnash your teeth, or scream in rage that you have fallen into the trap of /dev/fd/0. Introduction: I have just spent the last couple of days trying to discover why part of the LPRng printing system died after an upgrade to some of the components. The cause was finally traced to the use of /dev/fd/0 for a pathname instead of the classic '-' for some utilities. To say that this was a suprise was, shall we say, a tremendous understatement, and led to exploring the depths of the source code of various programs, including GhostScript, a2ps, enscript, and others where a '-' argument for a pathname means 'read from fd 0' (i.e. - stdin). What is the purpose of the /dev/fd/0 stuff? Lets look at a typical example, say, the 'file' utility. It expects a command line such as: file /tmp/file It will open /tmp/file, read its contents, and determine the file type. Sometimes you would like to determine the file type of the output of a pipe: perl run_script | file But file, bless its little heart, may REQUIRE a path. So, /dev/fd/0 to the rescue: perl run_script | file /dev/fd/0 Through the magic of the Operation System, fd = open(/dev/fd/0,...) will have the same effect (broadly speaking) as fd = dup(0) and fd will be a 'duplicate' of fd 0. The Dark Side of /dev/fd/0 On the surface, /dev/fd/0 appears to be harmless and a Good Idea. But lets look at another convention. If no input files are specified, then input will be taken from STDIN (fd 0). If there is a path specified, then the file file will be opened and input read from it. By convention, '-' will ALSO stand for reading from stdin. /* Good and reasonable implementation but screws up when /dev/fd/0 passed */ if( path strcmp(path,-) ){ close(0); /* covers the case where fd 0 is not open, note the lack of error checking, which is deliberate here */ if( (fd = open(path,)) == -1 ){ Die(cannot open '%s' - %s, path, strerror(errno) ); } else if( fd ){ Die(open '%s' returned FD %d, path, fd ); } } Lets see what happens here. FD 0 is closed. The Operating System takes the usual actions associated with closing the file descriptor, probably updating the internal process structure. Then we open 'path'. If, as we expect, opening /dev/fd/0 should try to open an 'unopenable' file, the open should fail. But for some programs it does not. Why? /* Evil and poor implementation */ if( path strcmp(path,-) ){ close(0); open(path,) } ... if( read(0,...) 0 ){ /* treat as EOF */ } As you see, the brutal assumpation is made that the file open will always succeed, or if it fails, we get -1, which will case an -1 value to be returned when used with read(). You would suspect that nobody would write code like that, right? Ummm... lets change the subject really fast. And stop using grep to look at my code, you suspicious person, you. Say you have a simple PostScript file: %!PS-Adobe-3.0 /Courier findfont 200 scalefont setfont 72 300 moveto (1) show showpage % gs --help AFPL Ghostscript 8.13 (2003-12-31) % gs /tmp/one.ps you get page output % gs /dev/fd/0 /tmp/one.ps AFPL Ghostscript 8.14 (2004-02-20) Copyright (C) 2004 artofcode LLC, Benicia, CA. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. Loading NimbusMonL-Regu font from /usr/local/share/ghostscript/fonts/n022003l.pfb... 2267236 903936 1456484 168258 1 done. showpage, press return to continue you get no page output % gs - /tmp/one.ps you get page output Umm... interesting. Very interesting. It appears that AFPL ghostscript has a /dev/fd/0 related problem. So lets try Gnu-GhostScript: # gs /tmp/one.ps GNU Ghostscript 7.07 (2003-05-17) Copyright (C) 2003 artofcode LLC, Benicia, CA. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. Loading NimbusMonL-Regu font from /usr/local/share/ghostscript/fonts/n022003l.pfb...