lpd / lpr security issues.

Alain De Vos · 2026-03-14T16:22:38+0000

Can someone with knowledge elaborate. I'm one person , one pc, running meany services behind a firewall.
But could i print a very,very,very, bad stuff, which takes over control of my pc ? Because of data in it ?

Maturin · 2026-03-14T16:28:23+0000

I don't think the vulnerability comes from any code hidden in some printer language, but the demon providing the service, especially on servers and networks is attackable.

Alain De Vos · 2026-03-14T17:08:32+0000

This does not sound good to me. And so CUPS is safe ?

schweikh · 2026-03-14T18:04:40+0000

Who knows whether CUPS is safe. I'd start by looking at CUPS's vulnerability history in the relevant vulnerability databases and form an opinion.

mer · 2026-03-14T18:05:13+0000

Either one is "safe enough" if you deploy it safely.
If the printer is locally attached to the system, put firewall rules in place to block any incoming connection attempts.
That means you can only connect to the printer daemon from localhost.
cups normally opens port 631 as a listening port, so set your firewall rules to only allow connections to 631 from localhost.

If your printer has a WiFi or Bluetooth connection, disable it

cracauer@ · 2026-03-14T19:12:05+0000

Cups has security issues. We just don't know them yet.

As far as lpr/lpd is concerned, des@ has not published anything specific, nor can he while most existing FreeBSD installations still run it.

Alain De Vos · 2026-03-14T19:21:56+0000

I have totally no problems it going from base to ports. Base should be clean.
& then i did ,

Code:

gs -q -dNOPAUSE -dBATCH -sDEVICE=pxlmono \
   -dDuplex=true -dTumble=false \
   -sOutputFile=output.prn \
   -c "<</Duplex true /Tumble false>> setpagedevice" \
   -f $1

My stupid brother printer liked prn. No idea what format of .prn is. Nor which part is pxlmono...

lpd / lpr security issues.

Alain De Vos

Maturin

Alain De Vos

schweikh

mer

cracauer@

Alain De Vos