PostScript Printing of Security Information (Solaris Trusted Extensions Administrator's Procedures)

Solaris Trusted Extensions Administrator's Procedures

PostScript Printing of Security Information

Labeled printing in Trusted Extensions relies on features from Solaris printing. In the Solaris OS, printer model scripts handle banner page creation. To implement labeling, a printer model script first converts the print job to a PostScript^TM file. Then, the PostScript file is manipulated to insert labels on body pages, and to create banner and trailer pages.

Solaris printer model scripts can also translate PostScript into the native language of a printer. If a printer accepts PostScript input, then Solaris software sends the job to the printer. If a printer does not accept PostScript input, then the software converts the PostScript format to a raster image. The raster image is then converted to the appropriate printer format.

Because PostScript software is used to print label information, users cannot print PostScript files by default. This restriction prevents a knowledgeable PostScript programmer from creating a PostScript file that modifies the labels on the printer output.

The Security Administrator role can override this restriction by assigning the Print Postscript authorization to role accounts and to trustworthy users. The authorization is assigned only if the account can be trusted not to spoof the labels on printer output. Also, allowing a user to print PostScript files must be consistent with the site's security policy.

Printer Model Scripts

A printer model script enables a particular model of printer to provide banner and trailer pages. Trusted Extensions provides four scripts:

tsol_standard - For directly attached PostScript printers, for example, printers attached by a parallel port
tsol_netstandard - For network–accessible PostScript printers
tsol_standard_foomatic - For directly attached printers that do not print PostScript format
tsol_netstandard_foomatic - For network–accessible printers that do not print PostScript format

The foomatic scripts are used when a printer driver name begins with Foomatic. Foomatic drivers are PostScript Printer Drivers (PPD). By default, “Use PPD” is specified in the Print Manager when you add a printer. A PPD is then used to translate banner and trailer pages into the language of the printer.

Additional Conversion Filters

A conversion filter converts text files to PostScript format. The filter's programs are trusted programs that are run by the printer daemon. Files that are converted to PostScript format by any installed filter program can be trusted to have authentic labels and banner and trailer page text.

Solaris software provides most conversion filters that a site needs. A site's System Administrator role can install additional filters. These filters can then be trusted to have authentic labels, and banner and trailer pages. To add conversion filters, see Chapter 9, Customizing LP Printing Services and Printers (Tasks), in System Administration Guide: Solaris Printing.