Comment # 4 on bug 1128467 from 
The IJS server program is passed to gs with the command line option 
"-sIjsServer=hpijs". This command line comes from the PPD file directly, which
is part of the hplip-hpijs package:

> *FoomaticRIPCommandLine: "gs -q -dBATCH -dPARANOIDSAFER -dQUIET -dNOPA&&
> USE -sDEVICE=ijs -sIjsServer=hpijs%A%B%C -dIjsUseOutputFD%Z -sOutputFi&&
> le=- -"

So, maybe we could fix this by changing ghostscript's ijs_exec_server() such
that it only execp()'s certain kown commands, such as "hpijs", rather than
invoking them with the shell directly, and add those commands to the apparmor
profile.

Thoughts?

You are receiving this mail because: