Adam> I guess I may specify a mode for these files :) But AFAIK, this is
Adam> not really a security hole. It is just a log of what filters dump
Adam> to stderr. From manpage,
Adam> "Messages printed on stderr of one of the filters are sent to the
Adam> corresponding lf file", where lf is the /var/log/lp-errs by
Adam> default.
Yes, so what goes into the file depends on the filter. And that can be
anything, up to a copy of the data. Here's what
/etc/foomatic/filter.conf says about its "debug" option which redirects
this stream to a file in /tmp:
# Enable debug output into a logfile in /tmp/foomatic-rip.log.
# It will contain status from this filter, plus Ghostscript stderr output.
#
# WARNING: This logfile is a potential security hole; do not use in production.
#
# Priority low
debug: 0
... so when debug == 0 all this information simply goes to stderr, which means
lp-errs (well foomatic cleverly doesn't tell you this last part, but then they
do warn you that lpd support is mostly an afterthought).
My workaround was to simply add -p to savelog options, which seems to
work well enough.
--
She had a passion for anyone who could do anything really well.
... "Not for an engineer, not for a technician!"
Mikhail Bulgakov, The Master & Margarita
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
