Ask Klaus
Ask Klaus
Klaus Knopper answers your Linux questions.
DNS Security Bug
What's the easiest way to get rid of the dangerous "DNS resolver" security bug that was recently detected (CVE-2015-7547)? Security lists tell me that all programs that resolve Internet names to IP addresses are affected, such as Firefox, LibreOffice, and various KDE and Gnome programs. Do I have to upgrade all of them?
It is the GLIBC implementation of the C libraries getaddrinfo()
function that causes a stack overflow in case of specially crafted answers from a direct name server query. Programs can crash or execute arbitrary code due to this bug, but in order to exploit it, the attacker must first manipulate a DNS server that's queried by your client system. If your Linux system is behind an access point or router that acts as a DNS proxy, chances are that you are safe, because the DNS proxy may already replace bad replies by an "address not available" response. However, you should upgrade as soon as possible anyway – not the entire system, but definitely the glibc libraries that contain the vulnerability.
For Debian-based systems, updating the libc6 package is sufficient to fix all programs dynamically linked with libc6; these are the commands for Knoppix/Debian:
sudo apt-get update sudo apt-get install -t unstable libc6
I use the "unstable" branch here just because it contains the newest version of libc6. With regular updates of Ubuntu and others, the libc version may get updated automatically from the "security" branches of the distribution.
Printer Problem
Klaus: I am having a printer issue. I have a desktop with a fresh install using Intel Core i5 CPU running OS Linux Peppermint 5, 64-bit version. I formatted the hard drive, thereby wiping out all underlying information. I have two HP OfficeJet P3015 laser printers connected via Ethernet on the LAN as follows:
192.168.0.10, HP-OfficeJet-P3015a 192.168.0.11, HP-OfficeJet-P3015b.
I configured these printers using the web browser interface supplied by Hewlett-Packard.
On my computer, I configured only the first printer (P3015a) using the GUI printer application: Start Menu | System Tools | Printers in the Printers – localhost dialog box (system-config-printer). I never added the second printer (P3015b).
If I launch LibreOffice and print a document, I can only see the first printer (P3015a). If I launch Firefox and print a document, I can see both printers: (P3015a and P3015b). Why is this? Do the separate applications use different mechanisms to print to the printer?
You may ask why I did not configuration both printers using the GUI on Peppermint from the outset. I did this once before; however, I was getting a conflict. Whenever I would try to print from my machine, say at IP 192.168.0.34, I could see both printers from LibreOffice, but when I did the same from Firefox, I could also see both printers, but the second one (P3015b) had a grayed out Print button. This was my only solution.
--Kevin
Indeed, just as you suspected, each program can use a different mechanism to acquire the list of available printers! Although most Linux distros use the CUPS printing system as back end to printer filters and printer features nowadays, the front ends may differ between native CUPS protocol printing (maybe using the http interface on port 631 directly), or the Berkeley-style front ends lpq
or "lpr" or the SystemV syntax with lpstat
and lp
.
Your second printer may have been autodetected because you already configured the first one and installed the driver module, probably using CUPS and hplip, which is HP's suite of printer drivers for many multifunction, Inkjet, and Laserjet printers.
Usually, when configuring several printers with the same driver in CUPS, you don't get any conflicts that would keep programs from accessing any of the printers. However, depending on the printer front end, your printers may have to be given dedicated internal names. So, for example, the lpr -P printername
front end knows which printer you want to print on. And, this may have been the problem: Two identical printers with identical names (or no explicit name set) may be a problem for some programs.
The obvious solution is, entering the printer config, and assigning unique names to each printer, following the Unix scheme: Just use lower+uppercase letters and numbers, but no spaces or other special symbols for the "nickname" of the printer. You can use anything you like in the printer's description, though.
Figure 1 shows the setting of a HPLIP printer in the CUPS web GUI, which is an alternative to the "printer configuration" in your system menu. Here, I set the name of the printer to printer1
, and you could set the second printers name to printer2
, so it's easy for programs to distinguish between those two, regardless of using the same driver and settings for both. With two different names, they should both be accessible from any program.
However, if one of the printers gets stuck with an error message, this can also lead to a grayed out Print button. I usually check abort-job (on error) instead of stop printer, so a defective print job just gets discarded and will not try to block the printer indefinitely (Figure 2).
dd Command
Dear Klaus, Just to let you know that I tried dd
again, but with the conv=sync,noerror
options. The second USB backup hard disk is booting fine now!
I assume that a small disk error on the primary USB hard disk could have caused the second USB hard disk copy to shift, perhaps rendering it unbootable.
Unfortunately, I haven't been able to rescue data from a persistent partition yet. An option in Knoppix to save user data could perhaps be helpful to users?
Best regards, Theo
I assume you did a
dd if=/dev/sdb1 of=/media/sdc1/sdb1-backup.img bs=1M conv=sync,noerror
to create a backup image of your USB disks first partition on a second drives first partition.
Note that on read errors, the dd
command may still behave erroneously, and noerror
alone will not replace read errors by zeroes but skip data on the input, shifting data backward on the output after the error, unless you also add the sync
option (which you did).
Still, I would prefer dd_rescue
for the task of reading from a partly defective hard disk, because it can approach to the location of a defective sector from both sides, which in some cases works better than linear reading.
In regard to your second question of rescuing data from the persistent Knoppix (/dev/sdb2
, as an example) partition: This partition is usually formatted with the ReiserFS filesystem, not ext2, 3, or 4, because from my experience, ReiserFS is easier to handle and auto-recovers after a crash simply by mounting.
If ReiserFS is not included in your kernel, you may have to force load the ReiserFS filesystem module by explicitly stating the filesystem for mounting the partition backup (sdb2-backup.img
in this example):
sudo mount -t reiserfs -o loop sdb2-backup.img /mnt
You should then be able to access the persistent partitions data at /mnt, create a tar archive from it by
cd /mnt; tar zcpPvf /media/sdc1/knoppix-data.tar.gz
Sorry, I have no shortcut for this in Knoppix yet.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.