On Tue, 03 Apr 2012 11:22:24 -0700, per...@pluto.rain.com wrote: > Jerry <je...@seibercom.net> wrote: > > > Obviously you are not aware of the latest trend towards the > > movement to standardize PDF as the standard print format. I would > > recommend you start by reading the documentation located at: > > <http://www.linuxfoundation.org/collaborate/workgroups/openprinting> > > and continue on from there. > > That page seems to be concerned with using PDF, rather than PS, as > a common intermediate print language in CUPS. I see nothing there > relevant to sending PDF directly to a printer.
See this page: http://www.linuxfoundation.org/collaborate/workgroups/openprinting/pdfasstandardprintjobformat It discusses (quite short, I admit) programs outputting PDF instead of PS when generating printing data. Handing that data over to the printer does not involve any conversion or intermediate formats anymore. The functionality of CUPS would then be "reduced" to what the system's default printer spooler does (and did since the 1970's): Read data from a program and send it to the printer. Only the format of data has changed: pure text, text with control characters, PS, PCL, PDF. It starts at the "application front". > > While there might be some rational for your security concerns on > > a business network in regards to wireless networks, they are not > > really relevant on a home networks. The simple ease of use that a > > wireless network gives a user on a home network far outweigh any > > pseudo claims of espionage. > > Following that line of reasoning to its logical conclusion would > lead one to believe that home networks have no need of any malware > protection, e.g. anti-virus. Any ISP which has had to deal with > incidents precipitated by customers' infected machines -- including > but likely not limited to DDoS and spambots -- would likely disagree. Home networks and carelessly treated corporate networks make the majority of what causes trouble on the Internet. Don't notice == doesn't exist. :-) > I maintain that an attacker can more easily trick a less-than- > paranoid user into sending a malware "print file" to a PDF-accepting > printer than to a non-PDF-accepting printer, simply because PDF > is such a commonly used distribution format. In regards of the web being a main source of attacks, few lines of Javascript would allow to automatically access the printer and send it some PDF data, "drive-by attacks" made simple. > If someone prints a > malware "PDF" file that they have downloaded, and the process of > printing it does not require that it be transformed in any way (such > as conversion to PS) before being sent to the printer, their only > protection from disaster is whatever validation may be built into > the printer itself. (Keep in mind that what started the malware > discussion was Poly's link to a report stating that some printers > do not sufficiently validate an "update firmware" job.) That's why I _hope_ printer manufacturers will take care about that topic. As far as it's _possible_ to validate PDF data that _might_ be a threat, it should be done, and in worst case, "malicious portions" of the data should be ignored. > Granted the identical exposure exists for a PS printer if the > downloaded malware file is identified as a PS file, however the > risk is much less in practice because distribution of PS files > is sufficiently uncommon that most unsophisticated users would > have no idea what to do with one if they were to come across it. Furthermore, PS files would - on most cases - undergo another conversion, for example to PCL. A PS interpreter would have to be exploited to "carry" malicious code from PS to PCL (if the PCL language allows the same kind of hostile manipulation as the PS language would). In this case, FOSS is a good shield. Code that gets many reviews by the _public_ is less prone to contain "backdoors" (phrase incorrectly used) that would allow such "mis"-interpretation. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
