[cups.development] A postscript rendering filter

[Matt Anderson]

Michael Sweet wrote:
> You *do* know that CUPS includes specific features for this, right?
> The Classification directive and page-label option provide this very
> functionality, and it is good enough for the US DoD to use (and was
> specifically designed for that...)

I was aware of Classification, but not page-label.  In my case I have to
use unix domain sockets for the client server communication channel in
order to use getpeercon() to query the client's SELinux context.  I'm
not sure that I could use page-label since the way I read it that would
be used to have lpr tell the spooler what the label is.  I can't trust
lpr which is why I'm having the spooler query the socket so that the
label information comes directly from the SELinux security server.

One suggestion Stephen Smalley had was an advisory label which instead
of using the SELinux context for the user's session which exec'ed the
lpr the advisory label would contain the label of the file which was
being printed.  It seems to me that page-label could be useful for that
feature.

> You can run any PostScript input through Ghostscript to generate
> printer-independent PostScript and then run it through the existing
> pstops filter to get around malicious PS code.

This seems like it would get around the postscript directives 'file' and
'run', but not a postscript document which overloaded showpage to
rewrite the banners.

> CUPS raster is already supported by Ghostscript, can provide high-
> resolution images, and can easily be interfaced with laser and inkjet
> printers.  It should be trivial to watermark this data and then pass
> it to any of the existing CUPS raster drivers...

CUPS raster sounds like it could work for my purposes.  Other than the
source code do you have any suggestions for documentation about this?  I
noticed its listed as coming soon on the website.

thanks
-matt