Re: Mozilla/Firefox "PostScript/default" security problems
On Mon, 05 Jul 2004 21:56:14 -0500
Reid Priedhorsky <reid@reidster.net> wrote:
> Hello all,
>
> I have just discovered that the Mozilla and Firefox old-style printing
> option "PostScript/default" is gone. Apparently we are now supposed to use
> the Xprint printing stuff; unfortunately, Xprint is broken for me in at
> least two ways. Now I can't print.
What! The PostScript/default printing was pretty bad but I'm a little
surprised they dumped it entirely as it would require additional setup
to get xprint running. Are you sure?
> Justification, as far as I can tell, for removing the old stuff was for
> two reasons:
>
> 1. It was broken for some people.
>
> Fine, but Xprint is broken for me and now I can't print. I don't think
> it's appropriate to remove a feature until its replacement is stable and
> useable by everyone who could use the old feature.
What's the symptom?
> 2. It had security problems.
>
> This brings me to my question: Does anyone have any solid references on
> these security problems? Googling and searching the bug database only
> yielded a vague claim about a remote exploit (bug #247585).
Well X in general has exploits and if you run a *dm session manager
it's running as root. So if you're running Xprint you're running X so an
exploit in Xprint is somewhat redundant. The bottom line is you cannot
run X exposed to hostile networks.
Mike
--
Greedo shoots first? Not in my Star Wars.
Reply to: