[cups.development] A postscript rendering filter

Michael Sweet mike at easysw.com
Mon May 22 12:07:05 PDT 2006 

Matt Anderson wrote:
> Michael Sweet wrote:
>> You *do* know that CUPS includes specific features for this, right?
>> The Classification directive and page-label option provide this very
>> functionality, and it is good enough for the US DoD to use (and was
>> specifically designed for that...)
> 
> I was aware of Classification, but not page-label.  In my case I have to
> use unix domain sockets for the client server communication channel in
> order to use getpeercon() to query the client's SELinux context.  I'm
> not sure that I could use page-label since the way I read it that would
> be used to have lpr tell the spooler what the label is.  I can't trust
> lpr which is why I'm having the spooler query the socket so that the
> label information comes directly from the SELinux security server.

You should just set the job-sheets attribute using the context you
get via the domain socket.  That said, the context of the application
may not reflect the context of the document being printed...

> One suggestion Stephen Smalley had was an advisory label which instead
> of using the SELinux context for the user's session which exec'ed the
> lpr the advisory label would contain the label of the file which was
> being printed.  It seems to me that page-label could be useful for that
> feature.

I don't think this will work, since lp and lpr are only two ways of
submitting jobs to CUPS.  KDE and GNOME applications both use the
native CUPS API now, so that will also need to be taken into
consideration.  If you change things at the CUPS API level then
you should be well covered...

>> You can run any PostScript input through Ghostscript to generate
>> printer-independent PostScript and then run it through the existing
>> pstops filter to get around malicious PS code.
> 
> This seems like it would get around the postscript directives 'file' and
> 'run', but not a postscript document which overloaded showpage to
> rewrite the banners.

But the security banners would be added to the sanitized PostScript,
not to the original PostScript, so even if the user added showpage
magic to the original document, that would not be passed on in the
pswrite output from Ghostscript...

>> CUPS raster is already supported by Ghostscript, can provide high-
>> resolution images, and can easily be interfaced with laser and inkjet
>> printers.  It should be trivial to watermark this data and then pass
>> it to any of the existing CUPS raster drivers...
> 
> CUPS raster sounds like it could work for my purposes.  Other than the
> source code do you have any suggestions for documentation about this?  I
> noticed its listed as coming soon on the website.

Where?  When I click on the CUPS Raster Format HTML link, I get the
correct HTML...

Also, the current CUPS book talks about it, as does the CUPS DDK
manual.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products           mike at easysw dot com
Internet Printing and Document Software          http://www.easysw.com

More information about the cups-devel mailing list