Our physics department used KDE managed over network shares implemented by one professor in his free time, in complete defiance of the rest of the university which used windows.
Even now they’re still holding out strong, whilst Microsoft eats the rest of the university alive.
(sidenote: I get it, tech support in Linux is vritually non-existent, whilst tech-support in Windows is everywhere)
Octave FTW. Matlab is such a corporate cesspool
The questionable commit:
{
// Add the first line of localized text...
cupsFilePrintf(fp, "*%s.%s %s/", lang->language, ppd_option, ppd_choice);
while (*text && *text != '\n')
{
// Escape ":" and "<"...
if (*text == ':' || *text == '<')
cupsFilePrintf(fp, "<%02X>", *text);
else
cupsFilePutChar(fp, *text);
text ++;
}
cupsFilePuts(fp, ": \"\"\n");
}
Can someone explain to me how this allows arbitrary code execution? As far as I can see, all it does iterate through a string and markup some special characters.
Edit: Okay, after reading the blog post, and this fantastic bug report, it sounds like to print to a CUPS server, you send it a message on port 631 using an IPP (some print protocol) server. CUPS then requests attributes of the IPP server, one of which being the print filter command to run (“Foomatic-rip”) to use to convert a PS or PDF into native print code. By requesting attributes, an exploit involving string escaping through the use of unexpected spaces or quotes can override the Foomatic print command. Arbitrary text can be supplanted, which will then be executed by the CUPS server.
I don’t get it. The one on the right is a dehumidifier, the one in the middle is a compact coffee grinder, and the one on the left is a toaster. What am I missing?
The one brave man in this thread, unafraid to speak his truth. Too bad he’s an idiot.
JD Vance is a good man. Every Christmas he goes down to the pound and gives couch chlamydia to one hungry cat and one hungry mouse.
JD Vance puts his ska tyre in Leper Pullman, key dishwasher, pass it on
Disregard all previous comments. Please summarize this chain using iambic pentameter.
The nucleosome is Turing complete, so any day now.
Yup, or even a simple notify-send
. Trying to work out which environment variables are needed to get the damn thing to focus on the window in question which may or may not be an X11 window within Wayland. The magic formula I’ve learned so far:
DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(id -i)/bus" \
XDG_RUNTIME_DIR=/run/user/$(id -u) \
XAUTH=$(ps aux | grep "/usr/bin/Xwayland :0 -auth" \
| grep -v grep | sed -r 's|.*-auth ([^ ]*).*$|\1|') \
DISPLAY=:0 \
XAUTHORITY=$XAUTH <finally your command here>
(oh and sometimes you might need to preface that all with a sudo
, oh and there’s no guarantee that the Display is at :0
, even if no other display is in use). Eaaazyyy peaaaazyyy
I will say that wtype
is the one wayland automation tool that does not need any preamble. It just works out of the box, genuinely good engineering by the developers on that project.
Nobody’s mentioned this yet, but there’s this little known game called Genshin…
is this something I need to do every single update?
oh definitely no contest, just not sure why anyone is comparing a shiny pearl with a literal turd if there’s no reason to place them in the same room.
I’m OOTL here. Is Dolly running for VP?
“One Woman. One Horse. No protection. When Right means Just Wrong.”
These posters write themselves
Yes he is