98 lines
3.6 KiB
Plaintext
98 lines
3.6 KiB
Plaintext
These notes are for the guidance of distributions that include pnm2ppa:
|
|
---------------------------------------------------------------------
|
|
|
|
Notes on secure installation of pnm2ppa.
|
|
|
|
What pnm2ppa does:
|
|
|
|
1. It attempts to open and read a configuration file
|
|
"/etc/pnm2ppa.conf", and then any additional configuration
|
|
files with paths specified by the -f command line option.
|
|
|
|
These paths are checked to be shorter than MAXPATHLEN before
|
|
they are used, otherwise pnm2ppa terminates.
|
|
|
|
GNU getopt() is used to process options.
|
|
|
|
2. It opens an input file (-i option) to receive pnm data.
|
|
The pnm format and page size is taken from the header.
|
|
|
|
If the header does not correspond to a valid pnm format, the rest
|
|
of the data is rejected, and pnm2ppa terminates.
|
|
|
|
The input file path is checked to have a length less than
|
|
MAXPATHLEN, as determined at compilation time.
|
|
|
|
3. It opens an output file (-o option) to send ppa data
|
|
(for the printer).
|
|
|
|
The output file path is checked to have a length less than
|
|
MAXPATHLEN.
|
|
|
|
|
|
4. (unless the --noGamma option is specified) it tries to read color
|
|
correction data from "/etc/pnm2ppa.gamma", or an alternate file with
|
|
a path specified by the -F command line option.
|
|
|
|
Such paths are also checked to be shorter than MAXPATHLEN before
|
|
they are used.
|
|
|
|
If this data exists, but is not successfully read, pnm2ppa terminates.
|
|
(See COLOR.txt).
|
|
|
|
5. pnm2ppa opens and writes to the syslog with informational messages
|
|
about its progress, or, if it terminates, with an error message.
|
|
If it is working in --verbose mode, these messages are also sent
|
|
to stderr.
|
|
|
|
No strings derived from user input to pnm2ppa are included in syslog
|
|
messages. Syslog messages must fit in a string of length < 128.
|
|
They can be suppressed with a keyword "silent 1" in the default
|
|
system configuration file (/etc/pnm2ppa.conf), but not from
|
|
user-specified config files (from -f option).
|
|
|
|
All syslog actions by pnm2ppa are "wrapped": message strings
|
|
produces in the rest of the program are only sent to the syslog by
|
|
code in syslog.c. This is also where openlog() and closelog() are
|
|
called.
|
|
|
|
|
|
----------------------------------------------------------------------
|
|
Recommendations:
|
|
|
|
-- do *NOT* install pnm2ppa suid/guid, if is possible that a
|
|
"malicious user" might run it. The output file specified
|
|
with the -o option could overwrite files to which the user
|
|
has no write permission.
|
|
|
|
|
|
-- since pnm2ppa works as an output filter for gs, it only needs the
|
|
same privileges that gs would need. If lpr is available, pipe
|
|
the pnm2ppa output though "lpr -l ..." to the appropriate printer
|
|
rather than directly sending it to e.g. /dev/lp0 (in the latter case,
|
|
write privileges on /dev/lp0 would be needed.)
|
|
|
|
--------------------------------------------------------------
|
|
|
|
Other (optional) programs in the distribution:
|
|
|
|
Do NOT install these suid/gid!
|
|
|
|
calibrate_ppa.c:
|
|
This is used to produce various ppmraw format PixMap images
|
|
used with pnm2ppa for printer calibration. Note: these
|
|
PixMaps are LARGE (100MB!!) and should generally be piped
|
|
directly to pnm2ppa.
|
|
|
|
THIS SHOULD USUALLY BE INSTALLED.
|
|
|
|
parse_vlink.c
|
|
a utility useful in debugging pnm2ppa that can interpret
|
|
ppa format output instructions to the printer, whether
|
|
produced by pnm2ppa, or captured from the Windows9x drivers.
|
|
It is in the ppa_protocol subdirectory, and is not compiled
|
|
by default.
|
|
|
|
THIS IS NOT USUALY INSTALLED.
|
|
|