Ask Klaus
Ask Klaus

Klaus Knopper answers your Linux questions.
DNS Security Bug
What's the easiest way to get rid of the dangerous "DNS resolver" security bug that was recently detected (CVE-2015-7547)? Security lists tell me that all programs that resolve Internet names to IP addresses are affected, such as Firefox, LibreOffice, and various KDE and Gnome programs. Do I have to upgrade all of them?
It is the GLIBC implementation of the C libraries getaddrinfo()
function that causes a stack overflow in case of specially crafted answers from a direct name server query. Programs can crash or execute arbitrary code due to this bug, but in order to exploit it, the attacker must first manipulate a DNS server that's queried by your client system. If your Linux system is behind an access point or router that acts as a DNS proxy, chances are that you are safe, because the DNS proxy may already replace bad replies by an "address not available" response. However, you should upgrade as soon as possible anyway – not the entire system, but definitely the glibc libraries that contain the vulnerability.
For Debian-based systems, updating the libc6 package is sufficient to fix all programs dynamically linked with libc6; these are the commands for Knoppix/Debian:
sudo apt-get update sudo apt-get install -t unstable libc6
I use the "unstable" branch here just because it contains the newest version of libc6. With regular updates of Ubuntu and others, the libc version may get updated automatically from the "security" branches of the distribution.
Printer Problem
Klaus: I am having a printer issue. I have a desktop with a fresh install using Intel Core i5 CPU running OS Linux Peppermint 5, 64-bit version. I formatted the hard drive, thereby wiping out all underlying information. I have two HP OfficeJet P3015 laser printers connected via Ethernet on the LAN as follows:
192.168.0.10, HP-OfficeJet-P3015a 192.168.0.11, HP-OfficeJet-P3015b.
I configured these printers using the web browser interface supplied by Hewlett-Packard.
On my computer, I configured only the first printer (P3015a) using the GUI printer application: Start Menu | System Tools | Printers in the Printers – localhost dialog box (system-config-printer). I never added the second printer (P3015b).
If I launch LibreOffice and print a document, I can only see the first printer (P3015a). If I launch Firefox and print a document, I can see both printers: (P3015a and P3015b). Why is this? Do the separate applications use different mechanisms to print to the printer?
You may ask why I did not configuration both printers using the GUI on Peppermint from the outset. I did this once before; however, I was getting a conflict. Whenever I would try to print from my machine, say at IP 192.168.0.34, I could see both printers from LibreOffice, but when I did the same from Firefox, I could also see both printers, but the second one (P3015b) had a grayed out Print button. This was my only solution.
--Kevin
Indeed, just as you suspected, each program can use a different mechanism to acquire the list of available printers! Although most Linux distros use the CUPS printing system as back end to printer filters and printer features nowadays, the front ends may differ between native CUPS protocol printing (maybe using the http interface on port 631 directly), or the Berkeley-style front ends lpq
or "lpr" or the SystemV syntax with lpstat
and lp
.
Your second printer may have been autodetected because you already configured the first one and installed the driver module, probably using CUPS and hplip, which is HP's suite of printer drivers for many multifunction, Inkjet, and Laserjet printers.
Usually, when configuring several printers with the same driver in CUPS, you don't get any conflicts that would keep programs from accessing any of the printers. However, depending on the printer front end, your printers may have to be given dedicated internal names. So, for example, the lpr -P printername
front end knows which printer you want to print on. And, this may have been the problem: Two identical printers with identical names (or no explicit name set) may be a problem for some programs.
The obvious solution is, entering the printer config, and assigning unique names to each printer, following the Unix scheme: Just use lower+uppercase letters and numbers, but no spaces or other special symbols for the "nickname" of the printer. You can use anything you like in the printer's description, though.
Figure 1 shows the setting of a HPLIP printer in the CUPS web GUI, which is an alternative to the "printer configuration" in your system menu. Here, I set the name of the printer to printer1
, and you could set the second printers name to printer2
, so it's easy for programs to distinguish between those two, regardless of using the same driver and settings for both. With two different names, they should both be accessible from any program.
However, if one of the printers gets stuck with an error message, this can also lead to a grayed out Print button. I usually check abort-job (on error) instead of stop printer, so a defective print job just gets discarded and will not try to block the printer indefinitely (Figure 2).
dd Command
Dear Klaus, Just to let you know that I tried dd
again, but with the conv=sync,noerror
options. The second USB backup hard disk is booting fine now!
I assume that a small disk error on the primary USB hard disk could have caused the second USB hard disk copy to shift, perhaps rendering it unbootable.
Unfortunately, I haven't been able to rescue data from a persistent partition yet. An option in Knoppix to save user data could perhaps be helpful to users?
Best regards, Theo
I assume you did a
dd if=/dev/sdb1 of=/media/sdc1/sdb1-backup.img bs=1M conv=sync,noerror
to create a backup image of your USB disks first partition on a second drives first partition.
Note that on read errors, the dd
command may still behave erroneously, and noerror
alone will not replace read errors by zeroes but skip data on the input, shifting data backward on the output after the error, unless you also add the sync
option (which you did).
Still, I would prefer dd_rescue
for the task of reading from a partly defective hard disk, because it can approach to the location of a defective sector from both sides, which in some cases works better than linear reading.
In regard to your second question of rescuing data from the persistent Knoppix (/dev/sdb2
, as an example) partition: This partition is usually formatted with the ReiserFS filesystem, not ext2, 3, or 4, because from my experience, ReiserFS is easier to handle and auto-recovers after a crash simply by mounting.
If ReiserFS is not included in your kernel, you may have to force load the ReiserFS filesystem module by explicitly stating the filesystem for mounting the partition backup (sdb2-backup.img
in this example):
sudo mount -t reiserfs -o loop sdb2-backup.img /mnt
You should then be able to access the persistent partitions data at /mnt, create a tar archive from it by
cd /mnt; tar zcpPvf /media/sdc1/knoppix-data.tar.gz
Sorry, I have no shortcut for this in Knoppix yet.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Direct Download
Read full article as PDF:
Price $2.95
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
News
-
The Next Major Release of Elementary OS has Arrived
It's been over a year since the developers of elementary OS released version 6.1 (Jólnir) but they've finally made their latest release (Horus) available with a renewed focus on the user.
-
KDE Plasma 5.27 Beta is Ready for Testing
The latest beta iteration of the KDE Plasma desktop is now available and includes some important additions and fixes.
-
Netrunner OS 23 Is Now Available
The latest version of this Linux distribution is now based on Debian Bullseye and is ready for installation and finally hits the KDE 5.20 branch of the desktop.
-
New Linux Distribution Built for Gamers
With a Gnome desktop that offers different layouts and a custom kernel, PikaOS is a great option for gamers of all types.
-
System76 Beefs Up Popular Pangolin Laptop
The darling of open-source-powered laptops and desktops will soon drop a new AMD Ryzen 7-powered version of their popular Pangolin laptop.
-
Nobara Project Is a Modified Version of Fedora with User-Friendly Fixes
If you're looking for a version of Fedora that includes third-party and proprietary packages, look no further than the Nobara Project.
-
Gnome 44 Now Has a Release Date
Gnome 44 will be officially released on March 22, 2023.
-
Nitrux 2.6 Available with Kernel 6.1 and a Major Change
The developers of Nitrux have officially released version 2.6 of their Linux distribution with plenty of new features to excite users.
-
Vanilla OS Initial Release Is Now Available
A stock GNOME experience with on-demand immutability finally sees its first production release.
-
Critical Linux Vulnerability Found to Impact SMB Servers
A Linux vulnerability with a CVSS score of 10 has been found to affect SMB servers and can lead to remote code execution.