Re: Mozilla/Firefox "PostScript/default" security problems
On Wednesday 14 July 2004 5:40 pm, Dale Amon wrote: > The test was successful. I'm going to be keeping > a backup copy of the system disk though, just in > case something happens and I have to back out > a dselect that breaks something mission critical > to me... Newest Mozilla package 1.7.1 will have direct printing re-enabled . -- "Give me some more of that mind-numbing television and vodka before I start thinking, because we all know how dangerous *that* could be." -- Skud -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Sat, Jul 10, 2004 at 05:21:31PM -0500, Reid Priedhorsky wrote: > On Sat, 10 Jul 2004 12:00:07 +0200, Dale Amon wrote: > > > > I'd like a black and white clarification of the impact > > of the change so I know for certain whether to be > > incredibly pissed off at the packager or not: > > > > "If I were to dselect today, would I still > > be able to print to file a website page > > as ps?" [Y/N] > > As far as I can tell, the answer to this is a big fat maybe. It depends on > whether Xprint works for you -- Xprint generates the same postscript > whether you print to a file or to a printer, so whether you can get this > far (and whether the postscript is okay) depends on whether you have the > magic touch on Xprint. > > You have to try Xprint to see if it works for you. > > IMO, you should be pissed at the package manager, for removing a print > path that works for many, whose replacement does not work for some, > with claimed reasons being that the old way doesn't work for everyone > (neither does the new one) and that it is insecure (which so far, no one > has shown any real evidence of). > > Sure, I can roll my own package or grab the upstream, but I use Debian for > its fabulous package management. I don't want to mess with tracking > versions or rebuilding the deb regularly. I had some upgrades planned for my workstation so I ran the following test: * I cloned my current system disk so I could restore the system if the test failed... * I did a sid upgrade via dselect, package status as of July 12, evening GMT. * printed a web page to ps file * printed a web page to an HP printer The test was successful. I'm going to be keeping a backup copy of the system disk though, just in case something happens and I have to back out a dselect that breaks something mission critical to me... -- -- Dale Amon [EMAIL PROTECTED]+44-7802-188325 International linux systems consultancy Hardware & software system design, security and networking, systems programming and Admin "Have Laptop, Will Travel" -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Mon, Jul 12, 2004 at 05:48:32PM -0500, Brad Sims wrote: >On Monday 12 July 2004 2:33 am, Magnus Therning wrote: >> Will you put those packages somewhere where others can reach them as >> well? > >Hrm, I need more webspace, my ISP only gives me about 10M > >If you roll your own, read the new developer how-to to learn how to >make the debs version -99 that way apt won't try to replace them . > >BTW is there a painless way to set up a apt repository? IE turn it >loose on a directory of debs and it does the rest? Also online manuals >would be nice... Take a look here: http://small.dropbear.id.au/docs/aptarchive.html I put up a minimal apt-repo (only one package in it :-) using it as a guide. /M -- Magnus Therning(OpenPGP: 0xAB4DFBA4) [EMAIL PROTECTED] http://magnus.therning.org/ Linux means never having to delete your love mail. -- Don Marti signature.asc Description: Digital signature
Re: Mozilla/Firefox "PostScript/default" security problems
On Monday 12 July 2004 2:33 am, Magnus Therning wrote: > Will you put those packages somewhere where others can reach them as > well? Hrm, I need more webspace, my ISP only gives me about 10M If you roll your own, read the new developer how-to to learn how to make the debs version -99 that way apt won't try to replace them . BTW is there a painless way to set up a apt repository? IE turn it loose on a directory of debs and it does the rest? Also online manuals would be nice... -- COBOL: An exercise in Artificial Inelegance. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Mon, Jul 12, 2004 at 09:33:52AM +0200, Magnus Therning wrote: > On Sun, Jul 11, 2004 at 07:28:56PM -0500, Brad Sims wrote: > >On Saturday 10 July 2004 11:29 pm, Marc Wilson wrote: > >> The numerous bugs that have been filed, and the way they've been dealt > >> with, would seem to indicate that he's not interested in participating. > > > >Indeed, his entire argument consists of "Me, Debian Developer. you, user." > >"Me make decision; you no make decision." > > > >I will simply roll my own packages and he can go masturbate his ego in > >his own little corner of the net. > > Will you put those packages somewhere where others can reach them as > well? If hosting for these packages is needed, I should be able to provide a repository for them. -- Jamin W. Collins To be nobody but yourself when the whole world is trying it's best night and day to make you everybody else is to fight the hardest battle any human being will fight. -- E.E. Cummings -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
Magnus Therning wrote: On Sun, Jul 11, 2004 at 07:28:56PM -0500, Brad Sims wrote: On Saturday 10 July 2004 11:29 pm, Marc Wilson wrote: The numerous bugs that have been filed, and the way they've been dealt with, would seem to indicate that he's not interested in participating. Indeed, his entire argument consists of "Me, Debian Developer. you, user." "Me make decision; you no make decision." I will simply roll my own packages and he can go masturbate his ego in his own little corner of the net. Will you put those packages somewhere where others can reach them as well? I've been off the list a while due to a booboo I made, and I've not seen the early part of this thread. I believe that if you have a problem with a DD, you can take it up with the technical committee. The contact address is the mailing list, and anyone can post, but as usual, if you're not on the list mention the fact. By getting the problem solved through official channels you benefit the whole project, whereas building the packages yourself leave the problem in place. -- Cheers John -- spambait [EMAIL PROTECTED] [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Sun, Jul 11, 2004 at 07:28:56PM -0500, Brad Sims wrote: >On Saturday 10 July 2004 11:29 pm, Marc Wilson wrote: >> The numerous bugs that have been filed, and the way they've been dealt >> with, would seem to indicate that he's not interested in participating. > >Indeed, his entire argument consists of "Me, Debian Developer. you, user." >"Me make decision; you no make decision." > >I will simply roll my own packages and he can go masturbate his ego in >his own little corner of the net. Will you put those packages somewhere where others can reach them as well? /M > >-- >"If you choke a smurf, what color does it turn?" > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- Magnus Therning(OpenPGP: 0xAB4DFBA4) [EMAIL PROTECTED] http://magnus.therning.org/ Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to build bigger and better idiots. So far, the Universe is winning... signature.asc Description: Digital signature
Re: Mozilla/Firefox "PostScript/default" security problems
On Saturday 10 July 2004 11:29 pm, Marc Wilson wrote: > The numerous bugs that have been filed, and the way they've been dealt > with, would seem to indicate that he's not interested in participating. Indeed, his entire argument consists of "Me, Debian Developer. you, user." "Me make decision; you no make decision." I will simply roll my own packages and he can go masturbate his ego in his own little corner of the net. -- "If you choke a smurf, what color does it turn?" -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Sat, Jul 10, 2004 at 05:29:13PM -0400, Carl Fink wrote: > Has anyone invited our Mozilla packager to participate in this > discussion? The numerous bugs that have been filed, and the way they've been dealt with, would seem to indicate that he's not interested in participating. -- Marc Wilson | Whatever became of eternal truth? [EMAIL PROTECTED] | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
Has anyone invited our Mozilla packager to participate in this discussion? -- Carl Fink [EMAIL PROTECTED] Jabootu's Minister of Proofreading http://www.jabootu.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
* Don Armstrong: > Perhaps I've missed something, but everything that I've read in the > threads so far amounts to people either assuming that there's an issue > and not defining it, or attempting to figure out where the issue is. This summary is correct as far as I can see. No real security issue has been disclosed so far. Two things could lead to vulnerabilities: * It's possible to use scripting to set another print command. * Untrusted content might be put verbatim into the Postscript file. The latter case shouldn't be a problem because viewers and print spoolers should not assume benign Postscript files (if they do, it's their fault, not Mozilla's). If the first issue is a problem, printing to a pipe should be disabled, but not printing to a file (or printing should be made unscriptable). I find these rumors quite disturbing. Some people are trying very hard to put Mozilla's security efforts in a very bad shape. First the shell: protocol handler issue (on Windows) that has been known (in principle) since 2002, and now this mess. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Sat, 10 Jul 2004, Michael B Allen wrote: > My impression was that the PostScript generator had the security > issue Can someone please state, for the record, definitively and precisely what this "security issue" is? The fact that PS is a turing complete language isn't a security issue, beyond the fact that you shouldn't blindly execute untrusted PS. (Just like you shouldn't blindly execute make files, or C code, or perl scripts...) Perhaps I've missed something, but everything that I've read in the threads so far amounts to people either assuming that there's an issue and not defining it, or attempting to figure out where the issue is. Don Armstrong -- Personally, I think my choice in the mostest-superlative-computer wars has to be the HP-48 series of calculators. They'll run almost anything. And if they can't, while I'll just plug a Linux box into the serial port and load up the HP-48 VT-100 emulator. -- Jeff Dege, [EMAIL PROTECTED] http://www.donarmstrong.com http://rzlab.ucr.edu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Sat, 10 Jul 2004 11:19:03 -0400 Greg Folkert <[EMAIL PROTECTED]> wrote: > Excuse the cross posting, but many are "discussing" on all of these > lists. > > On Sat, 2004-07-10 at 06:47, Magnus Therning wrote: > > > > > > "If I were to dselect today, would I still > > >be able to print to file a website page > > >as ps?" [Y/N] > > > > Yes. Printing PS to a file is still possible. > > > > What is removed is the ability to have Mozilla/Firefox execute an > > external command (e.g. lpr) in order to print. > > H. Now since printing to a file is fine. (DING, light goes on.) I'd double check that. My impression was that the PostScript generator had the security issue in which case removing the ability to execute an external command would be pointless. The previous poster may have been using Xprint which would allow the user to print to file but not using the PostScript generator. I don't know for certain but you might want to check. Mike -- Greedo shoots first? Not in my Star Wars. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
Excuse the cross posting, but many are "discussing" on all of these lists. On Sat, 2004-07-10 at 06:47, Magnus Therning wrote: > > > > "If I were to dselect today, would I still > > be able to print to file a website page > > as ps?" [Y/N] > > Yes. Printing PS to a file is still possible. > > What is removed is the ability to have Mozilla/Firefox execute an > external command (e.g. lpr) in order to print. H. Now since printing to a file is fine. (DING, light goes on.) What say we make a PIPE and attach it to something. Oh like say a print queue process, a redirect or something similar. That would allow us to use nearly anything we wanted to. Seems possible it'd be a simple process, given you could know what you are doing. Even for Epiphany or Galeon. Heck, we could even have do the work. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part
Re: Mozilla/Firefox "PostScript/default" security problems
On Wed, Jul 07, 2004 at 01:04:34PM -0400, Wayne Topa wrote: > Jamin W. Collins([EMAIL PROTECTED]) is reported to have said: > > On Wed, Jul 07, 2004 at 02:49:10AM -0400, Michael B Allen wrote: > > > On Tue, 6 Jul 2004 23:19:14 -0600 "Jamin W. Collins" > > > <[EMAIL PROTECTED]> wrote: > > > > > > > Direct print is the only way I can get reliable output here (I > > > > have both options). Almost every time I use Xprint the last > > > > part of a line is missing between pages. I haven't been able to > > > > locate a cause for this. > > > > > > Is your paper definition correct? If it is set as A4 or something > > > other than Letter that might account for the incorrect size. > > > > Yes, it set to letter (which is correct for the paper I'm using) on > > both the cups client and server machines. Any postscript printing > > works fine, but not xprinting. > > And in /etc/Xprint/C/print/attributes/document ??? No, because I have my locale set (I thought) appropriately to LANG=en_US.UTF-8. Based on this, checking /etc/Xprint/en_US/print/attributes/document revealed: # US and some other countries use US-Letter as default paper size # ("C"-locale default is "ISO-A4") *default-medium: na-letter Which would appear to be correct. For grins, I changed /etc/Xprint/C/print/attributes/document to *content-orientation: portrait *copy-count: 1 *default-medium: na-letter *default-printer-resolution: 300 on both the cups server and client machines, and restarted xprint (just to be safe). Test output from both the client and server itself still exhibit the exact same problem at the end of the pages. To be consistent with my testing I printed the same URL each time. In all cases except Postscript/Default the last few lines of the first page are truncated. You can see the truncation in this scan: http://gabfest.net/xprint-cutoff.png -- Jamin W. Collins To be nobody but yourself when the whole world is trying it's best night and day to make you everybody else is to fight the hardest battle any human being will fight. -- E.E. Cummings -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
Jamin W. Collins([EMAIL PROTECTED]) is reported to have said: > On Wed, Jul 07, 2004 at 02:49:10AM -0400, Michael B Allen wrote: > > On Tue, 6 Jul 2004 23:19:14 -0600 > > "Jamin W. Collins" <[EMAIL PROTECTED]> wrote: > > > > > Direct print is the only way I can get reliable output here (I have both > > > options). Almost every time I use Xprint the last part of a line is > > > missing between pages. I haven't been able to locate a cause for this. > > > > Is your paper definition correct? If it is set as A4 or something other than > > Letter that might account for the incorrect size. > > Yes, it set to letter (which is correct for the paper I'm using) on both > the cups client and server machines. Any postscript printing works > fine, but not xprinting. And in /etc/Xprint/C/print/attributes/document ??? ie *content-orientation: portrait *copy-count: 1 *default-medium: na-letter *default-printer-resolution: 300 and it took these lines in .bash_profile to get Xprint to work, here at least, .bash_profile XPSERVERLIST="`/etc/init.d/xprint get_xpserverlist`" export XPSERVERLIST export LPDEST="lpp" Wayne -- The programmer's national anthem is ''. ___ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
Michael B Allen <[EMAIL PROTECTED]> writes: > Printing through xprint is considerably nicer. When xprint can finally query CUPS for all the information about my printer, specifically resolution and paper sizes, I'll grant you this. Until then, I have to dive into circa 1985 config file hell telling xprint everything about my printer just so that I can have output which is just as good (on the stuff I print) as it was with direct postscript out. > Here's some documentation. It's a little out dated and not specific to > Debian. I suspect Debian should be considerably easier. If it's not the > package isn't setup properly. It should be a breeze. Of course, that guide guarantees crappy output on any printer better than 1200dpi since it doesn't go into telling Xprint what the printer is capable of. That's done in "information about builtin printer fonts, DDX driver configuration information, and other stuff you will hopefully never have to look at (See also: Section 2 of Xprint Service Sample Implementation from the XFree86 documentation). " -- Alan Shutko <[EMAIL PROTECTED]> - I am the rocks. Barney Hunting season is now *OPEN*... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Wed, Jul 07, 2004 at 02:49:10AM -0400, Michael B Allen wrote: > On Tue, 6 Jul 2004 23:19:14 -0600 > "Jamin W. Collins" <[EMAIL PROTECTED]> wrote: > > > Direct print is the only way I can get reliable output here (I have both > > options). Almost every time I use Xprint the last part of a line is > > missing between pages. I haven't been able to locate a cause for this. > > Is your paper definition correct? If it is set as A4 or something other than > Letter that might account for the incorrect size. Yes, it set to letter (which is correct for the paper I'm using) on both the cups client and server machines. Any postscript printing works fine, but not xprinting. -- Jamin W. Collins To be nobody but yourself when the whole world is trying it's best night and day to make you everybody else is to fight the hardest battle any human being will fight. -- E.E. Cummings -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
Michael B Allen([EMAIL PROTECTED]) is reported to have said: > On Tue, 6 Jul 2004 20:52:37 -0400 > Wayne Topa <[EMAIL PROTECTED]> wrote: > > I am also running firefox 0.8 but it was installed with apt-get. I am > > stuck with Xprint with no postscript/default. :-( > > Try it. Just run the Xprint daemon (/etc/init.d/xprint start?), find out > what display it's running on by looking at ps -fax (say it's ":2") and then > add export XPRTSERVERLIST=":2" to your environment (and log out and in if > necessary to reinit the env). Start mozilla and see if your printers > exported by CUPS (or whatever your lpq reports) is listed in the printer > dialog. Printing through xprint is considerably nicer. Sorry, I didn't mention that I have Xprint working, I just don't like it! I had, before the Moz change, 3 different print entries working in printcap. Now only 2 work and not the way they used to. I'm stuck with 300 DPI, whis is OK for general use, but have lost the ability to use 600 DPI when I need to. I also loaded the Mozilla browser and find that the printer works differently in it then it does in Firefox. Entries that work in firefox don't work in moz and vice versa. All in all the printer does work, but, why anyone would want to disable postscript printing when it was working fine for most users. I haven't read the bugreport that caused this but it is a bit scary when one person has a problem and it is fixed, for him, and causes so many others to scramble to get printing working. Have not seen this happen before in many many years with Debian. Wayne -- It works! Now if only I could remember what I did... ___ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
Michael B Allen <[EMAIL PROTECTED]> writes: >> On Tue, Jul 06, 2004 at 09:15:36PM -0700, Marc Wilson wrote: >> > >> > Direct printing works for some people, and for others it doesn't. >> > XPrint works for some people, and for others it doesn't. > > Other than someone on PPC there haven't been any problem descriptions > so I don't see how you arrived at this conclusion. See my posting to the thread "postscript-enabled mozilla package anyone?". Martin -- ,--.Martin Dickopp, Dresden, Germany ,= ,-_-. =. / ,- ) http://www.zero-based.org/ ((_/)o o(\_)) \ `-' `-'(. .)`-' `-. Debian, a variant of the GNU operating system. \_/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Tue, 6 Jul 2004 23:19:14 -0600 "Jamin W. Collins" <[EMAIL PROTECTED]> wrote: > On Tue, Jul 06, 2004 at 09:15:36PM -0700, Marc Wilson wrote: > > > > Direct printing works for some people, and for others it doesn't. > > XPrint works for some people, and for others it doesn't. Other than someone on PPC there haven't been any problem descriptions so I don't see how you arrived at this conclusion. > XPrint is > > *not* an arguably superior product, so why is that choice forced on > > people? Xprint output is far suprior to PostScript/default. It just requires extra setup. The PostScript/default printer traverses the document tree and generates output that ultimately does not look exactly like what is displayed in the browser window. Xprint translates X protocol drawing operations into PostScript drawing operations. Thus you get exactly what you see. This is actually the only way to print certain things like Unicode fonts, MathML, etc and is just a better technique. Granted it's not ideal because it needs X. It would have been better if the Mozilla folks had the forethought to abstract the display device so that a primative drawing operation would work equally well with a printer device as it did with a video device but permit the device implementation to override or add to the output. Unfortunately that didn't happen but Xprint is still closer to the ideal solution. > Direct print is the only way I can get reliable output here (I have both > options). Almost every time I use Xprint the last part of a line is > missing between pages. I haven't been able to locate a cause for this. Is your paper definition correct? If it is set as A4 or something other than Letter that might account for the incorrect size. Mike -- Greedo shoots first? Not in my Star Wars. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Tue, 6 Jul 2004 20:52:37 -0400 Wayne Topa <[EMAIL PROTECTED]> wrote: > I am also running firefox 0.8 but it was installed with apt-get. I am > stuck with Xprint with no postscript/default. :-( Try it. Just run the Xprint daemon (/etc/init.d/xprint start?), find out what display it's running on by looking at ps -fax (say it's ":2") and then add export XPRTSERVERLIST=":2" to your environment (and log out and in if necessary to reinit the env). Start mozilla and see if your printers exported by CUPS (or whatever your lpq reports) is listed in the printer dialog. Printing through xprint is considerably nicer. Here's some documentation. It's a little out dated and not specific to Debian. I suspect Debian should be considerably easier. If it's not the package isn't setup properly. It should be a breeze. http://www.ioplex.com/~miallen/xprint/ Mike -- Greedo shoots first? Not in my Star Wars. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Tue, Jul 06, 2004 at 09:15:36PM -0700, Marc Wilson wrote: > > Direct printing works for some people, and for others it doesn't. > XPrint works for some people, and for others it doesn't. XPrint is > *not* an arguably superior product, so why is that choice forced on > people? Direct print is the only way I can get reliable output here (I have both options). Almost every time I use Xprint the last part of a line is missing between pages. I haven't been able to locate a cause for this. However, the same pages printed with the Postscript/Default are perfect. -- Jamin W. Collins Remember, root always has a loaded gun. Don't run around with it unless you absolutely need it. -- Vineet Kumar -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Tue, 06 Jul 2004 18:29:39 -0400 Travis Crump <[EMAIL PROTECTED]> wrote: > It may > be that you can't enable both direct printing and xprint at the same > time, No. That is not true. To run Xprint you start the Xprt daemon and export XPRTSERVERLIST=":2" (or some alternative display not used). When Mozilla sees XPRTSERVERLIST in the env it lists the exported printer as an option in the print dialog. Take away the XPRTSERVERLIST variable and PostScript/default is the default. Actually it might even be listed together. I don't recall. Mike -- Greedo shoots first? Not in my Star Wars. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Tue, Jul 06, 2004 at 10:39:08AM -0500, Alan Shutko wrote: > Reid Priedhorsky <[EMAIL PROTECTED]> writes: > > > 1. It was broken for some people. > > > > Fine, but Xprint is broken for me and now I can't print. I don't > > think it's appropriate to remove a feature until its replacement is > > stable and useable by everyone who could use the old feature. > > Personally, I don't think it's appropriate to remove a feature when > its replacement is an over-engineered piece of crap which is slow, > hardly bothers to interact with the rest of the OS. But that > describes a lot of what the Mozilla project shovels out. Take heart, > Xprint will probably start to be useful in a year or two. Apparently it doesn't matter what upstream does, and it doesn't matter what the users want. Bugs 256072 and 257985 have been merged, downgraded to wishlist, and tagged wontfix by the maintainer with no further explanation. I reiterate what I said in my posting to #256072... if Mozilla supposedly has this horrific (but completely unsubstantiated) security flaw, where's the DSA for Woody, the entries in the mozilla.org BugZilla, the CERT advisory, the patches/changes from the other distributions, and, finally, whyinhell is upstream still distributing it with direct printing turned on in their own builds? Or does the maintainer have another reason he'd like to promote? Direct printing works for some people, and for others it doesn't. XPrint works for some people, and for others it doesn't. XPrint is *not* an arguably superior product, so why is that choice forced on people? -- Marc Wilson | There's certainly precedent for that already too. [EMAIL PROTECTED] | (Not claiming it's *good* precedent, mind you. :-) | -- Larry Wall in <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Tuesday 06 July 2004 7:52 pm, Wayne Topa wrote: > am also running firefox 0.8 but it was installed with apt-get. I am > stuck with Xprint with no postscript/default. :-( You could install the upstream version via their installer... it still uses postscript/default. Be advised however that only firefox as packaged from Mozilla has xft. The Mozilla-browser is non-xft and looks ghastly . However both actually browse AND print. Shocking I know. -- atheism is only a religion the way absolute zero is a temperature. -- Del Cotter, rasseff
Re: Mozilla/Firefox "PostScript/default" security problems
On Tue, 6 Jul 2004 20:52:37 -0400 Wayne Topa <[EMAIL PROTECTED]> wrote: > Jacob S.([EMAIL PROTECTED]) is reported to have said: > > On Tue, 06 Jul 2004 18:29:39 -0400 > > Travis Crump <[EMAIL PROTECTED]> wrote: > > > > > Brad Sims wrote: > > > > > > > > I am, I was told that mozilla no longer supports direct > > > > printing, and the lack of postscript wasn't a bug and they > > > > closed my bugreport. > > > > > > > > > > Upstream still supports directs printing, at least as of Sunday. > > > It may be that you can't enable both direct printing and xprint at > > > the same time, and so the debian maintainer had to make a choice > > > as to which is more useful. > > > > No, wouldn't be that, either. I'm running Testing, current as of > > today, and Firefox 0.8 is showing me options of "Postscript/default" > > as well as a couple of xprint variations. (Firefox was not installed > > via apt-get.) > > > > I am also running firefox 0.8 but it was installed with apt-get. I am > stuck with Xprint with no postscript/default. :-( I would recommend either downgrading via .debs from snapshot.debian.org, as mentioned in a similar thread on this list, or download the latest Firefox tarball from Mozilla.org and use the equivs package to let Debian know what version you have installed. Hopefully we'll get Postscript support back in Debian's Mozilla/Firefox soon. Jacob -- GnuPG Key: 1024D/16377135 Random .signature #56: Windows hasn't increased computer literacy. It's just lowered the standard. pgpcFcX1daEDv.pgp Description: PGP signature
Re: Mozilla/Firefox "PostScript/default" security problems
Jacob S.([EMAIL PROTECTED]) is reported to have said: > On Tue, 06 Jul 2004 18:29:39 -0400 > Travis Crump <[EMAIL PROTECTED]> wrote: > > > Brad Sims wrote: > > > > > > I am, I was told that mozilla no longer supports direct printing, > > > and the lack of postscript wasn't a bug and they closed my > > > bugreport. > > > > > > > Upstream still supports directs printing, at least as of Sunday. It > > may be that you can't enable both direct printing and xprint at the > > same time, and so the debian maintainer had to make a choice as to > > which is more useful. > > No, wouldn't be that, either. I'm running Testing, current as of today, > and Firefox 0.8 is showing me options of "Postscript/default" as well as > a couple of xprint variations. (Firefox was not installed via apt-get.) > I am also running firefox 0.8 but it was installed with apt-get. I am stuck with Xprint with no postscript/default. :-( Wayne -- Computers follow your orders, not your intentions. ___ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
Okay, who wants to fork the Mozilla family? -- Carl Fink [EMAIL PROTECTED] Jabootu's Minister of Proofreading http://www.jabootu.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
Brad Sims <[EMAIL PROTECTED]> writes: > I am, I was told that mozilla no longer supports direct printing, and > the lack of postscript wasn't a bug and they closed my bugreport. Incidentally, it appears the upstream Linux builds still have direct PS support. -- Alan Shutko <[EMAIL PROTECTED]> - I am the rocks. Sign on bank: "FREE BOTTLE OF CHIVAS WITH EVERY MILLION- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Tue, 06 Jul 2004 18:29:39 -0400 Travis Crump <[EMAIL PROTECTED]> wrote: > Brad Sims wrote: > > > > I am, I was told that mozilla no longer supports direct printing, > > and the lack of postscript wasn't a bug and they closed my > > bugreport. > > > > Upstream still supports directs printing, at least as of Sunday. It > may be that you can't enable both direct printing and xprint at the > same time, and so the debian maintainer had to make a choice as to > which is more useful. No, wouldn't be that, either. I'm running Testing, current as of today, and Firefox 0.8 is showing me options of "Postscript/default" as well as a couple of xprint variations. (Firefox was not installed via apt-get.) Jacob -- GnuPG Key: 1024D/16377135 Random .signature #57: Windows NT encountered the following error: The operation completed successfully. pgpalSGkWHAJq.pgp Description: PGP signature
Re: Mozilla/Firefox "PostScript/default" security problems
Brad Sims wrote: On Tuesday 06 July 2004 2:32 am, Michael B Allen wrote: What! The PostScript/default printing was pretty bad but I'm a little surprised they dumped it entirely as it would require additional setup to get xprint running. Are you sure? I am, I was told that mozilla no longer supports direct printing, and the lack of postscript wasn't a bug and they closed my bugreport. Upstream still supports directs printing, at least as of Sunday. It may be that you can't enable both direct printing and xprint at the same time, and so the debian maintainer had to make a choice as to which is more useful. signature.asc Description: OpenPGP digital signature
Re: Mozilla/Firefox "PostScript/default" security problems
On Tuesday 06 July 2004 2:32 am, Michael B Allen wrote: > What! The PostScript/default printing was pretty bad but I'm a little > surprised they dumped it entirely as it would require additional setup > to get xprint running. Are you sure? I am, I was told that mozilla no longer supports direct printing, and the lack of postscript wasn't a bug and they closed my bugreport. -- Trying to win hearts and mindes on a newsgroup is like putting up an art gallery for gerbils. -- Bryan J. Maloney in ASP -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Tue, 06 Jul 2004 09:40:12 +0200, Michael B Allen wrote: > > Reid Priedhorsky <[EMAIL PROTECTED]> wrote: > > > > 2. It had security problems. > > > > This brings me to my question: Does anyone have any solid references > > on these security problems? Googling and searching the bug database > > only yielded a vague claim about a remote exploit (bug #247585). > > Well X in general has exploits and if you run a *dm session manager it's > running as root. So if you're running Xprint you're running X so an > exploit in Xprint is somewhat redundant. The bottom line is you cannot > run X exposed to hostile networks. Hm, I suppose I was unclear. It was the "PostScript/default" printing option, the one that was removed, not Xprint, that supposedly has security issues. I'm trying to solidify these claims. Reid -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
Reid Priedhorsky <[EMAIL PROTECTED]> writes: > 1. It was broken for some people. > > Fine, but Xprint is broken for me and now I can't print. I don't > think it's appropriate to remove a feature until its replacement is > stable and useable by everyone who could use the old feature. Personally, I don't think it's appropriate to remove a feature when its replacement is an over-engineered piece of crap which is slow, hardly bothers to interact with the rest of the OS. But that describes a lot of what the Mozilla project shovels out. Take heart, Xprint will probably start to be useful in a year or two. -- Alan Shutko <[EMAIL PROTECTED]> - I am the rocks. If you can't be with the one you love, kill the one they're with. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Mozilla/Firefox "PostScript/default" security problems
On Mon, 05 Jul 2004 21:56:14 -0500 Reid Priedhorsky <[EMAIL PROTECTED]> wrote: > Hello all, > > I have just discovered that the Mozilla and Firefox old-style printing > option "PostScript/default" is gone. Apparently we are now supposed to use > the Xprint printing stuff; unfortunately, Xprint is broken for me in at > least two ways. Now I can't print. What! The PostScript/default printing was pretty bad but I'm a little surprised they dumped it entirely as it would require additional setup to get xprint running. Are you sure? > Justification, as far as I can tell, for removing the old stuff was for > two reasons: > > 1. It was broken for some people. > > Fine, but Xprint is broken for me and now I can't print. I don't think > it's appropriate to remove a feature until its replacement is stable and > useable by everyone who could use the old feature. What's the symptom? > 2. It had security problems. > > This brings me to my question: Does anyone have any solid references on > these security problems? Googling and searching the bug database only > yielded a vague claim about a remote exploit (bug #247585). Well X in general has exploits and if you run a *dm session manager it's running as root. So if you're running Xprint you're running X so an exploit in Xprint is somewhat redundant. The bottom line is you cannot run X exposed to hostile networks. Mike -- Greedo shoots first? Not in my Star Wars. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Mozilla/Firefox "PostScript/default" security problems
Hello all, I have just discovered that the Mozilla and Firefox old-style printing option "PostScript/default" is gone. Apparently we are now supposed to use the Xprint printing stuff; unfortunately, Xprint is broken for me in at least two ways. Now I can't print. Justification, as far as I can tell, for removing the old stuff was for two reasons: 1. It was broken for some people. Fine, but Xprint is broken for me and now I can't print. I don't think it's appropriate to remove a feature until its replacement is stable and useable by everyone who could use the old feature. 2. It had security problems. This brings me to my question: Does anyone have any solid references on these security problems? Googling and searching the bug database only yielded a vague claim about a remote exploit (bug #247585). Thanks, Reid -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]