The FreeBSD Diary

The FreeBSD Diary (TM)

Providing practical examples since 1998

If you buy from Amazon USA, please support us by using this link.
 New Topic  |  Go to Top  |  Go to Topic  |  Search  |  Log In   Newer Topic  |  Older Topic 
 CUPS - disabling stock lpr
Author: Rob 
Date:   15-11-02 02:54

Regarding step 8 --

It's a bad idea to put /usr/local/bin ahead of /usr/bin in your path. It can make it easier to trojan your system -- a rogue program (or person) could slip a script named "ls" in your /usr/local/bin and "hijack" your commands. Granted, this would require permission... but people tend to be a lot more lax about /usr/local.

Also, it could cause you to execute the wrong version of a command if you have more than one version installed.

A better Step 8 would be:

8a. Move all of the lpr-related binaries out of /usr/bin into a new directory that is not in the normal execution path. You may want to tar up the directory.
8b. Edit /etc/make.conf and uncomment the line that contains "NO_LPR=true". This will prevent make from installing the lpr components when you rebuild the system from source.

Reply To This Message
 Re: CUPS - disabling stock lpr
Author: Gerard Samuel 
Date:   27-11-02 14:14

Understandable. Here is what I did to replace step 8 ->

a. Go to /usr/bin
cd /usr/bin

b. Back up print files.
tar cvfz default_print_binaries.tgz lp*

c. Move compressed files to a safe place. (Its up to you)
mv default_print_binaries.tgz ~

d. Remove Default Print binaries.
rm /usr/bin/lp*

e. Edit /etc/make.conf and add if not there

Reply To This Message
 Re: CUPS - disabling stock lpr
Author: g2k 
Date:   30-11-02 15:44

one should also make sure that the CUPS printer name is the same as the samba printer share to avoid that "client_error_not possible" thing.

Reply To This Message
 Re: CUPS - disabling stock lpr
Author: Luis 
Date:   25-12-02 18:46

Concerning Rob's observations: Rob what level of expertise must somebody have to have deduced/learned the /usr/local/bin-trojan horse issue that you are discussing? I am not new to FreeBSD, have installed/used it for over two years and that comment is beyond my knowledge base. Thanks. Luis

Reply To This Message
 Re: CUPS - disabling stock lpr
Author: Steven 
Date:   27-12-02 19:11


My CUPS installation was not as nice as the article explains it is.
I installed my HP Deskjet 5550 with the CUPS new HP Driver whatever that is and all i get is "Unable to convert file 0 to printable format for job 12!" error message.

It seems, that /usr/ports/print/cups-pstoraster is missing in my system, which i am installing now. Lets see if its working better then.


This is the wrong place for a security discussion. If you are concerned that your /usr/local is insecure just leave it. I can imagine 100 other things to do to compromise your system than placing a trojan ls command in /usr/local/bin.

Reply To This Message
 Re: CUPS - disabling stock lpr
Author: Gerard Samuel 
Date:   27-12-02 19:18

I found this at the CUPS FAQ...
Maybe it applies to you....

Reply To This Message
 Re: CUPS - disabling stock lpr
Author: deman 
Date:   28-12-02 23:07

While this is not a security place, I think we should be working from start with security in mind. Rob comment is good for me because I want to make sure that whatever I do will not impair my system security

Reply To This Message
 Re: CUPS - disabling stock lpr
Author: JoeBob 
Date:   29-08-03 04:04

Also, if yer feeling lazy - the cups build will install ghostscript without the seperate make ghostscript.

Reply To This Message
 Re: CUPS - disabling stock lpr
Author: Steven Friedrich 
Date:   23-08-04 21:44

The cups-lpr port takes care of hiding the BSD versions of lpr, lp. And the Makefile tells you to add two lines to /etc/make.conf to prevent installworld from undoing what the Makefile does.

Reply To This Message
 Forum List  |  Threaded View   Newer Topic  |  Older Topic 

 Forum List  |  Need a Login? Register Here 
 User Login
 User Name:
 Remember my login:
 Forgot Your Password?
Enter your email address or user name below and a new password will be sent to the email address associated with your profile.
How to get the most out of the forum