|
Author: Rob
Date: 15-11-02 02:54
Regarding step 8 --
It's a bad idea to put /usr/local/bin ahead of /usr/bin in your path. It can make it easier to trojan your system -- a rogue program (or person) could slip a script named "ls" in your /usr/local/bin and "hijack" your commands. Granted, this would require permission... but people tend to be a lot more lax about /usr/local.
Also, it could cause you to execute the wrong version of a command if you have more than one version installed.
A better Step 8 would be:
8a. Move all of the lpr-related binaries out of /usr/bin into a new directory that is not in the normal execution path. You may want to tar up the directory.
8b. Edit /etc/make.conf and uncomment the line that contains "NO_LPR=true". This will prevent make from installing the lpr components when you rebuild the system from source.
|
|
Reply To This Message
|
|
Author: Gerard Samuel
Date: 27-11-02 14:14
Understandable. Here is what I did to replace step 8 ->
a. Go to /usr/bin
cd /usr/bin
b. Back up print files.
tar cvfz default_print_binaries.tgz lp*
c. Move compressed files to a safe place. (Its up to you)
mv default_print_binaries.tgz ~
d. Remove Default Print binaries.
rm /usr/bin/lp*
e. Edit /etc/make.conf and add if not there
NO_LPR=true
|
|
Reply To This Message
|
|
Author: g2k
Date: 30-11-02 15:44
one should also make sure that the CUPS printer name is the same as the samba printer share to avoid that "client_error_not possible" thing.
|
|
Reply To This Message
|
|
Author: Luis
Date: 25-12-02 18:46
Concerning Rob's observations: Rob what level of expertise must somebody have to have deduced/learned the /usr/local/bin-trojan horse issue that you are discussing? I am not new to FreeBSD, have installed/used it for over two years and that comment is beyond my knowledge base. Thanks. Luis
|
|
Reply To This Message
|
|
Author: Steven
Date: 27-12-02 19:11
1)
My CUPS installation was not as nice as the article explains it is.
I installed my HP Deskjet 5550 with the CUPS new HP Driver whatever that is and all i get is "Unable to convert file 0 to printable format for job 12!" error message.
It seems, that /usr/ports/print/cups-pstoraster is missing in my system, which i am installing now. Lets see if its working better then.
2)
This is the wrong place for a security discussion. If you are concerned that your /usr/local is insecure just leave it. I can imagine 100 other things to do to compromise your system than placing a trojan ls command in /usr/local/bin.
|
|
Reply To This Message
|
|
Author: Gerard Samuel
Date: 27-12-02 19:18
I found this at the CUPS FAQ...
http://www.cups.org/faq0020.html
Maybe it applies to you....
|
|
Reply To This Message
|
|
Author: deman
Date: 28-12-02 23:07
While this is not a security place, I think we should be working from start with security in mind. Rob comment is good for me because I want to make sure that whatever I do will not impair my system security
|
|
Reply To This Message
|
|
Author: JoeBob
Date: 29-08-03 04:04
Also, if yer feeling lazy - the cups build will install ghostscript without the seperate make ghostscript.
|
|
Reply To This Message
|
|
Author: Steven Friedrich
Date: 23-08-04 21:44
The cups-lpr port takes care of hiding the BSD versions of lpr, lp. And the Makefile tells you to add two lines to /etc/make.conf to prevent installworld from undoing what the Makefile does.
|
|
Reply To This Message
|
|
