Vulnerable CUPS but snazzy FreeBSD 5.0

After a short holiday break, things in open source land are in full swing. First, the obligatory security hole warning for a piece of commonly deployed software. Just before Christmas, a warning went out about CUPS, or the Common Unix Printing System, containing multiple vulnerabilities.

The vulnerabilities are serious, and remotely exploitable. The CUPS versions affected are ones prior to 1.1.18, so ensure you upgrade now.

Although your favourite vendor is likely to have issued a security advisory already, it’s worth repeating the warning because CUPS has become widely deployed of late. It’s an excellent piece of software that addresses one of the largest missing pieces in the Unix and clones puzzle: easy printing.

CUPS uses the internet printing protocol (IPP), which I looked into many years ago. Hewlett-Packard was very excited about it, and mentioned fanciful applications like print-on-demand for creating newspapers on the fly for train and plane travellers, for instance.

I’m a happy CUPS camper myself: it’s running on my Linux server, and thanks to IPP, I can print easily from Windows XP systems, Unix machines and even the Apple iLamp (MacOS X 10.2 comes with CUPS, which makes remote and local print sharing easy). As long as the client operating system understands IPP, all you need to do is enter a certain command and you’re away. CUPS can be made to support a raft of different printers, using Postscript printer description files (even Windows ones) plus the Ghostscript Postscript interpreter, and it integrates well with Samba, the open source CIFS file sharing server.

On a more positive note, on January 19 FreeBSD 5.0 was finally released, after plenty of hard work from the project members and users testing, breaking and filing bug reports for the pre-releases.

The key improvements in 5.0 over previous FreeBSD versions include:

  • Extended and improved multiprocessor support. SMP is now possible on all the platforms FreeBSD runs on – Alpha, Intel i386 and IA-64, Sun Sparc-64 and PC98. Up to sixteen CPUs are supported, but currently no more than eight per machine are recommended.
  • The kernel schedulable entities, which implement a high-performance many-to-many multiprocessor threading model.
  • New file system features such as background checks for quicker start-up in disaster recovery situations; snapshots that allow administrators to duplicate file systems in real time; and extended attributes for access control lists, capability data support and mandatory access control labels.
  • New file systems have been introduced, including basic support for UFS2 which has 64-bit pointers and can handle huge, larger-than-1TB disks.
  • Expanded hardware support – advanced configuration and power interface (ACPI), Bluetooth, IEEE-1394 FireWire and support for hardware cryptographic acceleration.

Perl has been moved out of the base system (although it’s still available from the ports). This should make upgrades and maintenance easier in the long run. Otherwise, the base system contains pretty up-to-date software, like XFree86 4.2.1, so I was a little surprised to see BIND 8.3.3 as the default DNS server.

Doug Barton, the BIND maintainer and committer for FreeBSD, explains why here. Barton also says that the 8.3.3 version included has been patched to deal with the vulnerabilities announced by ISC and that he’s working on an update to the BIND 9 port to add the PORT_REPLACES_BASE option that BIND 8 has, to make it easy for those users who need the additional features of the latter name resolution server.

Murray Stokely, a member of the FreeBSD release engineering team and head of engineering at FreeBSD Mall, says the release represents its largest engineering success to date, and doesn't sacrifice the expected reliability for new functionality.

Another FreeBSD release engineer team member, Bruce Mah, says version 5.0 exposes much of the developer community's “impressive work, both in terms of user-visible features (such as UFS2 and other file system improvements) and 'under the covers' architectural work (such as the fine-grained kernel locking)”.

Stressing the conservative approach of the FreeBSD project which emphasises stability, Mah says that “users who require a more tested code base may find [the previous release series] 4.x a better match for their needs”. Mah recommends that users upgrading to or installing 5.0 for the first time read carefully the early adopter’s guide bundled with the release.

In case you've missed it, FreeBSD is an open source Unix-like operating system, available for free. It’s based on the Berkeley Software Distribution and the FreeBSD Project has several thousands of developers working on it, around the world. Their work is funnelled through a team of experienced committers, a development model which has created a rock-solid, high-performance OS deployed by large organisations like Yahoo and cdrom.com. Apple has also hired a number of FreeBSD project members to move the underlying operating system for MacOS X, Darwin, to a FreeBSD core.

Get FreeBSD for err, free, from your nearest FTP or HTTP mirror – see www.nz.freebsd.org for details.

Saarinen is an Auckland IT consultant and IDG contributor. Send letters for publication in Computerworld NZ to Computerworld Letters.
