Re: Mozilla/Firefox "PostScript/default" security problems
On Sat, Jul 10, 2004 at 05:21:31PM -0500, Reid Priedhorsky wrote:
> On Sat, 10 Jul 2004 12:00:07 +0200, Dale Amon wrote:
> >
> > I'd like a black and white clarification of the impact
> > of the change so I know for certain whether to be
> > incredibly pissed off at the packager or not:
> >
> > "If I were to dselect today, would I still
> > be able to print to file a website page
> > as ps?" [Y/N]
>
> As far as I can tell, the answer to this is a big fat maybe. It depends on
> whether Xprint works for you -- Xprint generates the same postscript
> whether you print to a file or to a printer, so whether you can get this
> far (and whether the postscript is okay) depends on whether you have the
> magic touch on Xprint.
>
> You have to try Xprint to see if it works for you.
>
> IMO, you should be pissed at the package manager, for removing a print
> path that works for many, whose replacement does not work for some,
> with claimed reasons being that the old way doesn't work for everyone
> (neither does the new one) and that it is insecure (which so far, no one
> has shown any real evidence of).
>
> Sure, I can roll my own package or grab the upstream, but I use Debian for
> its fabulous package management. I don't want to mess with tracking
> versions or rebuilding the deb regularly.
I had some upgrades planned for my workstation so I
ran the following test:
* I cloned my current system disk so
I could restore the system if the
test failed...
* I did a sid upgrade via dselect,
package status as of July 12,
evening GMT.
* printed a web page to ps file
* printed a web page to an HP printer
The test was successful. I'm going to be keeping
a backup copy of the system disk though, just in
case something happens and I have to back out
a dselect that breaks something mission critical
to me...
--
------------------------------------------------------
Dale Amon amon@islandone.org +44-7802-188325
International linux systems consultancy
Hardware & software system design, security
and networking, systems programming and Admin
"Have Laptop, Will Travel"
------------------------------------------------------
Reply to: