OT:Multifunction Printers: The Forgotten Security Risk
Bill Campbell
bill at celestial.com
Fri Feb 15 09:05:57 PST 2008
On Fri, Feb 15, 2008, Bob Rasmussen wrote:
>On Thu, 14 Feb 2008, Bill Campbell wrote:
>
>> On Thu, Feb 14, 2008, Bob Rasmussen wrote:
>> >On Thu, 14 Feb 2008, Bill Campbell wrote:
>> >
>> >> I've been doing secure network printing for the better part of 20 years
>> >> using secure shell to transfer print jobs between *nix systems.
>
>Bill,
>
>On the subject of moving print jobs via SSH: are you doing this within the
>LPD/LPR system so that it is totally flow-through? Or are you talking
>about SFTP-ing a file from one system to another, then printing it?
I have built a system that works with standard SYSV lp/lpadmin
interface scripts as well as the older BSDish lpr filters with a
front-end script that is in the PATH before /usr/bin/lp[r].
The front-end looks at a file which maps printer names to actual
printers on systems, that is for each printer name, it has a real
printer name and the system which has the printer. If the printer
is the local system, then it passes the print job through to the
systems /usr/bin/lp or /usr/bin/lpr command. If it's remote, it
uses ssh to pass the print job to my front-end script on the
remote system, which then goes through the same procedure (one
could conceivably have a print job in a loop :-).
Once it gets to the system's printing system, my interface script
then does run-time translation of normalized print codes to the
destination printer using a file modeled on the old /etc/ttytype
file used for terminal control. The script parses the SYSVish
printer options to modify behavior, with an option to simply pass
the print job through to the printer with not translation if
it's a binary file or produced by a program that thinks it knows
what it's doing with the print job. On BSDish systems, the front
end script inserts the SYSV options at the first line of the
print job, and the filter reads this line to get the options.
The interface/filter scripts do some cleanup on text print jobs
including stripping trailing whitespace from lines, and stripping
extra blank lines at the end of the print job to prevent the
extra blank page when the final FF or ESC-E is sent to the
printer to eject the last page.
The whitespace cleanup was originally done to get rid of Tandy/RealWorld's
accounting software's CRLF at the end of lines which would double
space on Tandy printers. It will, if necessary, insert special
line-ending codes if the printer requires it.
The printer codes are in a termcap style file, and contains
things like initialization strings to set duplex on/off, LPI,
etc. at the beginning of the print jobs.
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
The whole aim of practical politics is to keep the populace alarmed (and
hence clamorous to be led to safety) by an endless series of hobgoblins.
-- H.L. Mencken, 1923
More information about the Filepro-list
mailing list