tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: pkgsrc and security: xpdf example

On 2019-07-29 09:37, wrote:
Nonetheless, for security, xpdf(1) is a good example. It could be argued
that there could be another mean to send a print job, taking into
account the problem of the vast variety of printing ways on different OSes

There are that many? You are quite likely to find lpr(1) - even cups will provide it, if so configured.

The alternative is apparently to use cups out of the program, which ties you to, well, cups.

(so that
xpdf would call one explicit program---a defined pathname script,
defined at installation time---with arguments instead of passing
whatever command to the shell), but, all in all, it's its function
to render PDF, on screen or on paper...

Funny, that. I have just come back from mupdf to xpdf for daily use, because I found that the blasted former cannot print. It's not just that xpdf can print, it will also memorize the proper printer options (painfully cribbed together) that I would otherwise have to make a shell alias for. Which leads me to my last point...

... what xpdf does (print with a pre-set command via system()) is exactly what I would (have to) do from the commandline. Same credentials. So how does forcing me to send a document to a printer from the shell prompt, as opposed to out of xpdf, make anything/anybody safer?

Seriously puzzled,

     The ASCII Ribbon Campaign                    Hauke Fath
()     No HTML/RTF in email	        Institut für Nachrichtentechnik
/\     No Word docs in email                     TU Darmstadt
     Respect for open standards              Ruf +49-6151-16-21344

Home | Main Index | Thread Index | Old Index