2014-06-20 16:15 GMT+09:00 Ludwig Nussel :

1xx wrote:

...

I want the "cups-pdf" to go into official repository.

CUPS-PDF is a PDF writer backend for CUPS. Official site: http://www.cups-pdf.de/

Uh, it runs as root and writes into directories owned by some user?

Sure, CUPS-PDF accepts the demands from users, and runs as root. We need to be careful.

Better ask security to take a look.

What should I do? Should it contact to opensuse-security ML? I wrote:

I request role of "bug owner". https://build.opensuse.org/request/show/238120

It was declined. -- 1xx https://twitter.com/ItSANgo Mitsutoshi NAKANO http://d.hatena.ne.jp/Itisango/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Hello, Am Freitag, 20. Juni 2014 schrieb Ludwig Nussel:

1xx wrote:

...

I want the "cups-pdf" to go into official repository.

CUPS-PDF is a PDF writer backend for CUPS. Official site: http://www.cups-pdf.de/

Uh, it runs as root and writes into directories owned by some user? Better ask security to take a look.

Does it at least write to a "hardcoded" location (for example ~/cupspdf) in the user's home directory? If yes, shipping it with an AppArmor profile would be a good idea. (If needed, I can help you to fine-tune the profile, however I'm too busy at the moment. I'll have more time in July - at least I hope so ;-) Even if the output directory is user-configurable, having an AppArmor profile could help to avoid access to security-critical files - but of course a restriction like "only allow write access in ~/cupspdf" is much more secure. Regards, Christian Boltz -- Linux - und dein PC macht nie wieder blau. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 20 June 2014 14:07, 1xx wrote:

By default, CUPS-PDF outputs to /var/spool/cups-pdf/. ... Ubuntu customizes it to "{$HOME}/PDF". Fedora customizes it to "{$DESKTOP}".

The openSUSE's "Printing/cups-pdf" uses default. I think that "maintenance of the status quo" is desirable. Because many users have already used "Printing/cups-pdf".

Using /var/spool/cups-pdf is *very* un-discoverable to the average new user and shouldn't be used. Using the name "CUPS" in anything should also be discouraged as the average user doesn't know what that is (nor should they ever need to learn). Placing it somewhere in their home directory is not only more obvious but also probably more secure. I'd suggest not to use $Desktop though as modern KDE doesn't show desktop icons by default, so something like {$HOME}/PDF or "{$HOME}/Documents/PDF Printer" makes most sense to me. John. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

2014-06-21 0:04 GMT+09:00 Yamaban :

On Fri, 20 Jun 2014 16:49, John Layt wrote:

...

On 20 June 2014 14:07, 1xx wrote:

...

...

Ubuntu customizes it to "{$HOME}/PDF". Fedora customizes it to "{$DESKTOP}".

...

Using /var/spool/cups-pdf is *very* un-discoverable to the average new user and shouldn't be used. Using the name "CUPS" in anything should also be discouraged as the average user doesn't know what that is (nor should they ever need to learn). Placing it somewhere in their home directory is not only more obvious but also probably more secure. I'd suggest not to use $Desktop though as modern KDE doesn't show desktop icons by default, so something like {$HOME}/PDF or "{$HOME}/Documents/PDF Printer" makes most sense to me.

From the security aspect, either create a 'run-as-user' wrapper and allow writing in $HOME (I'd prefer a subdir, like {$HOME}/PDF or "{$HOME}/Documents/PDF_Printer") or, let it run as root, and use /var/spool/cups-pdf/$USER/ with a link created in $HOME, see preferred names above, pointing there.

Although it swerves from a subject for discussion, Xdg user directories (Desktop, Documents...) are un-userfriendly. https://wiki.archlinux.org/index.php/Xdg_user_directories I think that us-ascii users hardly feels a problem. But, the other characters cannot be displayed by console. At CJK, we cannot input characters by console. Therefore, we can not even cd to Xdg user directories. By GUI, when IME breaks down, we can not cd to them too. Then, in Japan, many people changed to English directories. http://lists.opensuse.org/archive/opensuse-ja/2013-02/msg00013.html Therefore, I am opposed to the proposal which makes files or directories to Xdg user directories. I like $HOME/PDF. -- 1xx https://twitter.com/ItSANgo Mitsutoshi NAKANO http://d.hatena.ne.jp/Itisango/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Hello, On Jun 23 18:19 1xx wrote (excerpt):

I wrote a mail to opensuse-security ML. http://lists.opensuse.org/opensuse-security/2014-06/msg00017.html

Johannes gave the reply.

...

Do the necessary changes to get the resulting PDF delivered to the users home directory. With that writing a AppArmor policy should be straight forward. If you provide a policy I'll review it.

That "Johannes" was not me. Who was it? I don't see a reply on http://lists.opensuse.org/opensuse-security/2014-06/msg00017.html Regardless who wrote what: Mitsutoshi Nakano, I appreciate very much that you work on cups-pdf. Please continue your work - or alternatively focus on boomaga. Regarding cups-pdf there is also https://features.opensuse.org/312322 In the end openSUSE should provide a single consistent solution for the general "make a PDF file" issue. Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

2014-06-23 19:21 GMT+09:00 1xx :

2014-06-23 18:56 GMT+09:00 Johannes Meixner :

...

On Jun 23 18:19 1xx wrote (excerpt):

...

Johannes gave the reply.

...

Do the necessary changes to get the resulting PDF delivered to the users home directory. With that writing a AppArmor policy should be straight forward. If you provide a policy I'll review it.

That "Johannes" was not me. Who was it? I don't see a reply on http://lists.opensuse.org/opensuse-security/2014-06/msg00017.html

Regardless who wrote what:

Johannes Segitz said it. It is a whole sentence.

I noticed now, its mail was delivered only to me. I apologize for having shown inaccurate URL.

About cups-pdf, I will write later.

-- 1xx https://twitter.com/ItSANgo Mitsutoshi NAKANO http://d.hatena.ne.jp/Itisango/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Hello, On Jun 24 15:36 1xx wrote (excerpt):

The needs to print on a virtual printer exists.

Why? What should "a virtual printer" actually mean for the user? What final user's goal is solved by "a virtual printer"? I mean this questions very seriously, see "Background Information regarding Print as PDF versus Save as PDF" at http://en.opensuse.org/SDB:Printing_to_PDF and in https://features.opensuse.org/312322 (excerpt): ------------------------------------------------------------------ Johannes Meixner wrote: (3 years ago) ... Regarding making a PDF file from applications or from the desktop: ... If this is the acutal reason for this feature request, please file either bug reports or feature requests for the particular applications or desktops which can no longer make PDFs. ... Tim Edwards wrote: (3 years ago) As Johannes Meixner pointed out most apps already have this functionality without requiring going down the hacky route of having a CUPS pdf 'printer' setup. It just looks complicated (and therefore buggy) and exposes the system to all sorts of potential security issues, Opensuse should ship as secure as is reasonable for a desktop system. ------------------------------------------------------------------ For me a printer is a piece of hardware that produces a printout and for me a printout is a piece of printed paper. I only need a printer when my final goal is to have a piece of printed paper. Personally I don't have a use case for "a virtual printer".

But, printing systems need root,

Not in general. Only the cupsd runs as root to do things that need root privileges. Filters and backends (see http://en.opensuse.org/SDB:CUPS_in_a_Nutshell) are usually run by the cupsd as user lp (switch user is one of the things why cupsd needs root privileges), see "man 7 backend": ------------------------------------------------------------------------ PERMISSIONS Backends without world execute permissions are run as the root user. Otherwise, the backend is run using the unprivileged user account, typically "lp". ------------------------------------------------------------------------ Regarding let a CUPS backend write its output into a file in a user's home directory: The user lp is not allowed to write into a user's home directory. The user root has unlimited permissions so that root can do everything but that does notably not mean that root is allowed to do everything. In particular root cannot protect himself from himself (only complicated kernel stuff like AppArmor can be used to cage root): --------------------------------------------------------------------- # id uid=0(root) gid=0(root) groups=0(root) # touch testy # chmod a-rw testy # ls -l testy ---------- 1 root root 0 Jun 24 09:54 testy # echo hello >>testy # ls -l testy ---------- 1 root root 6 Jun 24 09:55 testy # cat testy hello --------------------------------------------------------------------- Therefore unlimited permissions mean that root must be much more careful than a normal user not to do things that should not be done because there is no permission check that could protect root from doing something wrong. I think that root is not allowed to write into a user's home directory. I think only the user himself is allowed to write into his own home directory. Perhaps this way it might be allowed that a CUPS backend writes its output into a file in a user's home directory: When the CUPS backend runs as root it could switch user to the user/owner of a particular home directory and then write into that home directory as its owner. This way at least the user's own permission settings would apply when the CUPS backend writes as the user in his home directory. I am not at all a security expert so that I cannot decide if this way is really sufficiently secure or if it only looks like being secure but actually it isn't (e.g. because usually the user's own permission settings allow everything in his own home directory). Regardless of how it might be finally correctly implemented to write into a file in a user's home directory: I think first and foremost we need to understand and agree what final user's goal is solved by "a virtual printer". Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-06-24 14:43, Carlos E. R. wrote:

However, some applications do not have it, and in this case having a printer that instead creates local postcript or pdf files in a directory is interesting.

I forgot to mention: printing all PDFs to a single common directory, owned by some system user (not root) and readable by all, is not in itself always that bad. If I print paper to an office printer, anybody can pick the papers up, if I'm not watching closely. :-} Although it would be better for the files to have the permissions of the user that generated the jobs, be it either at the home directory, or at the spool directory (like mail does). And better if using a different directory per user. An alternative is having the tool email the file to the user: it would automatically get the proper permissions. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlOpdFwACgkQtTMYHG2NR9Vf1wCfe5ft2Sn2b4a6A1GmdioVAI4M qhcAn0YUx/IhXYXLhYs++pJ3yDgTLOjm =325t -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Hello, On Jun 24 14:43 Carlos E. R. wrote (excerpt):

creates local postcript or pdf files

Your final goal is to get a PostScript or PDF file. In this case see what I wrote at https://features.opensuse.org/312322 (excerpt): ---------------------------------------------------------------------- Johannes Meixner wrote: (3 years ago) ... Regarding making a PDF file from applications or from the desktop: ... If this is the acutal reason for this feature request, please file either bug reports or feature requests for the particular applications or desktops which can no longer make PDFs. ---------------------------------------------------------------------- For "Background Information regarding Print as PDF versus Save as PDF" see http://en.opensuse.org/SDB:Printing_to_PDF Of course as a workaround you can download, install, and use cups-pdf. We have it in the OBS "Printing" repository for that kind of use case. But my question was meant regarding whether or not cups-pdf should now get "officially blessed" by openSUSE as a right solution how openSUSE users should make PDF files. If openSUSE decides that cups-pdf is a right way to make PDF files it is perfectly o.k. for me ( I am not maintainer of cups-pdf ;-) Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

On 2014-06-24 15:16, Johannes Meixner wrote:

Hello,

On Jun 24 14:43 Carlos E. R. wrote (excerpt):

...

creates local postcript or pdf files

Your final goal is to get a PostScript or PDF file.

In this case see what I wrote at https://features.opensuse.org/312322 (excerpt):

I saw it already :-)

---------------------------------------------------------------------- Johannes Meixner wrote: (3 years ago) ... Regarding making a PDF file from applications or from the desktop: ... If this is the acutal reason for this feature request, please file either bug reports or feature requests for the particular applications or desktops which can no longer make PDFs. ----------------------------------------------------------------------

Good luck requesting that of Flash :-p

Of course as a workaround you can download, install, and use cups-pdf. We have it in the OBS "Printing" repository for that kind of use case.

Exactly.

But my question was meant regarding whether or not cups-pdf should now get "officially blessed" by openSUSE as a right solution how openSUSE users should make PDF files.

Not in the official selection, no. I agree with you there. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)

Hello, mainly for further information: On Jun 25 19:19 1xx wrote (excerpt):

2014-06-24 17:53 GMT+09:00 Johannes Meixner :

...

What should "a virtual printer" actually mean for the user? What final user's goal is solved by "a virtual printer"?

I think that there are the users whom they want to output for data except the papers by a procedure same as print.

Of course experienced users can (mis?)-use the printing system to convert any input data format into any output data format and additionally to deliver the output data to any destination (provided there exist programs that actually implement the data conversion and delivery) because the printing system can be arbitrarily enhanced with any filters and backends, see http://en.opensuse.org/SDB:Using_Your_Own_Filters_to_Print_with_CUPS and http://en.opensuse.org/SDB:Using_Your_Own_Backends_to_Print_with_CUPS This way an experienced user could have print queues for his usual mail receivers and "just print" instead of manually sending mails optionally with conversion of the original data into plain text or he could have a print queue to upload content onto a server with conversion of e.g. plain text input into the server's specific data format (e.g. HTML) or whatever else he may like. Accordingly there can be various enhancement packages for the printing system that implement various kind of such special use cases. I think such special use cases are no misuse of the printing system so that there is nothing wrong with such special enhancement packages but I think such special enhancement packages are neither needed nor really helpful in the "officially blessed" set of openSUSE packages. Another possible workaround how to make a PDF: Since the general move from PostScript to PDF as standard print job data format (see http://en.opensuse.org/Concepts_printing) all applications that can print should be able to produce PDF. When applications produce PDF as print job data but provide no "Export/Save as PDF" functionality, as workaround one may have any print queue where printing is disabled so that the application's PDF print job data is kept as print job data file /var/spool/cups/d<job-number>-<file-number> but by default only root and lp can access it - just a litte selfmande backend as workaround on top of the workaround... Note that even when applications produce PDF as print job data, there is still a distinction between "Print" and "Export/Save as PDF", see http://en.opensuse.org/SDB:Landscape_Printing#Again_there_is_a_subtle_distin... Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

Hello, On Jun 20 09:15 Ludwig Nussel wrote):

1xx wrote:

...

I want the "cups-pdf" to go into official repository.

CUPS-PDF is a PDF writer backend for CUPS. Official site: http://www.cups-pdf.de/

Uh, it runs as root and writes into directories owned by some user? Better ask security to take a look.

FYI see http://en.opensuse.org/SDB:Printing_to_PDF In the past cups-pdf was always rejected to be provided "out of the box" in an official release to all our users because its security issues have not been solved. If we would make it by default sufficiently secure so that arbitrary users can "just install" it on arbitrary systems, it would be useless. Of course users who know what they do can download, install, and use it. Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

2014-06-21 3:21 GMT+09:00 Kyrill Detinov :

On Fri, 20 Jun 2014 14:26:04 +0900 1xx wrote:

...

I want the "cups-pdf" to go into official repository.

CUPS-PDF is a PDF writer backend for CUPS. Official site: http://www.cups-pdf.de/

Please, try a "boomaga" package. It is maintained in Factory.

Размер установки:551,5 KiB Резюме:Virtual Printer for Viewing a Document before Printing Описание: Boomaga (BOOklet MAnager) is a virtual printer for viewing a document before printing it out using the physical printer. The program is very simple to work with. Running any program, click "print" and select "Boomaga" to see in several seconds (CUPS takes some time to respond) the Boomaga window open. If you print out one more document, it gets added to the previous one, and you can also print them out as one. Regardless of whether your printer supports duplex printing or not, you would be able to easily print on both sides of the sheet.

I think, "Boomaga" is more advanced than CUPS-PDF.

I installed boomaga to openSUSE 13.1.

From LibreOffice, I printed to Boomaga printer. But I can not get Boomaga Window nor fies.

I changed X's ACL, but can not get them yet.

xhost +x

tail /var/log/cups/access_log ocalhost - - [21/Jun/2014:04:21:37 +0900] "POST /printers/boomagaprinter HTTP/1.1" 200 206 Create-Job successful-ok localhost - - [21/Jun/2014:04:21:37 +0900] "POST /printers/boomagaprinter HTTP/1.1" 200 4054 Send-Document successful-ok localhost - - [21/Jun/2014:04:22:51 +0900] "POST /printers/boomagaprinter HTTP/1.1" 200 221 Create-Job successful-ok localhost - - [21/Jun/2014:04:22:51 +0900] "POST /printers/boomagaprinter HTTP/1.1" 200 4054 Send-Document successful-ok localhost - - [21/Jun/2014:04:35:42 +0900] "POST /printers/boomagaprinter HTTP/1.1" 200 221 Create-Job successful-ok localhost - - [21/Jun/2014:04:35:42 +0900] "POST /printers/boomagaprinter HTTP/1.1" 200 4054 Send-Document successful-ok localhost - - [21/Jun/2014:04:59:15 +0900] "POST /printers/boomagaprinter HTTP/1.1" 200 221 Create-Job successful-ok localhost - - [21/Jun/2014:04:59:15 +0900] "POST /printers/boomagaprinter HTTP/1.1" 200 4054 Send-Document successful-ok

Would you teach usage? -- 1xx https://twitter.com/ItSANgo Mitsutoshi NAKANO http://d.hatena.ne.jp/Itisango/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org

2014-06-21 10:19 GMT+09:00 Satoru Matsumoto :

1xx wrote:

...

I installed boomaga to openSUSE 13.1.

...

From LibreOffice, I printed to Boomaga printer.

But I can not get Boomaga Window nor fies.

I installed boomaga package from Printing/openSUSE_13.1 (not Factory) repository via 1-Click install and it just worked fine.

$ rpm -qa | grep boomaga boomaga-0.5.0-4.1.x86_64 boomaga-lang-0.5.0-4.1.noarch

Which package and how have you installed?

I installed openSUSE13.1's Printing/boomaga from http://software.opensuse.org/package/boomaga?search_term=boomaga too.

rpm -qa | egrep boomaga boomaga-lang-0.5.0-4.1.noarch boomaga-0.5.0-4.1.x86_64

I removed them.

sudo zypper rm boomaga-lang boomaga And I reinstalled them. sudo zypper install boomaga-lang boomaga

I selected "printing" on Firefox. Now, I found the printer of "Boomaga"! I printed to it, then I could see Boomaga Window. By installation before one, I could not find the printer of "Boomaga", then I started YaST, and added "boomagaprinter". Thanks! -- 1xx https://twitter.com/ItSANgo Mitsutoshi NAKANO http://d.hatena.ne.jp/Itisango/ -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org