[Pkg-cups-devel] r192 - in cupsys/branches/cups-1.2-ubuntu/debian: . patches

Martin Pitt mpitt at costa.debian.org
Fri Apr 21 14:03:42 UTC 2006 

Author: mpitt
Date: Fri Apr 21 14:03:41 2006
New Revision: 192

Modified:
   cupsys/branches/cups-1.2-ubuntu/debian/changelog
   cupsys/branches/cups-1.2-ubuntu/debian/patches/09_runasuser.dpatch
Log:
* debian/patches/09_runasuser.dpatch, scheduler/cert.c: Change root
  certificate permissions from 0440 to 0240, so that the CGI programs cannot
  read it any more. Without this patch, cupsd presented its own certificate
  to itself, and *every* user could do admin tasks without authentication.



Modified: cupsys/branches/cups-1.2-ubuntu/debian/changelog
==============================================================================
--- cupsys/branches/cups-1.2-ubuntu/debian/changelog	(original)
+++ cupsys/branches/cups-1.2-ubuntu/debian/changelog	Fri Apr 21 14:03:41 2006
@@ -42,8 +42,12 @@
       /usr/share/cups/model/custom.
   * debian/cupsys.dirs: Ship /usr/lib/cups/driver/ to avoid error messages if
     it's missing.
+  * debian/patches/09_runasuser.dpatch, scheduler/cert.c: Change root
+    certificate permissions from 0440 to 0240, so that the CGI programs cannot
+    read it any more. Without this patch, cupsd presented its own certificate
+    to itself, and *every* user could do admin tasks without authentication.
 
- -- Martin Pitt <martin.pitt at ubuntu.com>  Wed, 19 Apr 2006 14:43:52 +0200
+ -- Martin Pitt <martin.pitt at ubuntu.com>  Fri, 21 Apr 2006 15:55:50 +0200
 
 cupsys (1.1.99.rc2-0exp1) experimental; urgency=low
 

Modified: cupsys/branches/cups-1.2-ubuntu/debian/patches/09_runasuser.dpatch
==============================================================================
--- cupsys/branches/cups-1.2-ubuntu/debian/patches/09_runasuser.dpatch	(original)
+++ cupsys/branches/cups-1.2-ubuntu/debian/patches/09_runasuser.dpatch	Fri Apr 21 14:03:41 2006
@@ -5,9 +5,9 @@
 ## DP: No description.
 
 @DPATCH@
-diff -urNad cupsys~/config-scripts/cups-defaults.m4 cupsys/config-scripts/cups-defaults.m4
---- cupsys~/config-scripts/cups-defaults.m4	2006-04-06 22:03:32.000000000 +0200
-+++ cupsys/config-scripts/cups-defaults.m4	2006-04-12 16:12:23.000000000 +0200
+diff -urNad cups-1.2-ubuntu~/config-scripts/cups-defaults.m4 cups-1.2-ubuntu/config-scripts/cups-defaults.m4
+--- cups-1.2-ubuntu~/config-scripts/cups-defaults.m4	2006-04-06 22:03:32.000000000 +0200
++++ cups-1.2-ubuntu/config-scripts/cups-defaults.m4	2006-04-21 15:52:19.000000000 +0200
 @@ -218,6 +218,17 @@
  AC_DEFINE_UNQUOTED(CUPS_DEFAULT_GROUP, "$CUPS_GROUP")
  AC_DEFINE_UNQUOTED(CUPS_DEFAULT_SYSTEM_GROUPS, "$CUPS_SYSTEM_GROUPS")
@@ -26,9 +26,9 @@
  dnl Default printcap file...
  AC_ARG_WITH(printcap, [  --with-printcap     set default printcap file],
  	default_printcap="$withval",
-diff -urNad cupsys~/config.h.in cupsys/config.h.in
---- cupsys~/config.h.in	2006-04-06 22:03:32.000000000 +0200
-+++ cupsys/config.h.in	2006-04-12 16:12:23.000000000 +0200
+diff -urNad cups-1.2-ubuntu~/config.h.in cups-1.2-ubuntu/config.h.in
+--- cups-1.2-ubuntu~/config.h.in	2006-04-06 22:03:32.000000000 +0200
++++ cups-1.2-ubuntu/config.h.in	2006-04-21 15:52:19.000000000 +0200
 @@ -41,6 +41,11 @@
  #define CUPS_DEFAULT_GROUP	"sys"
  #define CUPS_DEFAULT_SYSTEM_GROUPS	"sys root system"
@@ -41,9 +41,21 @@
  
  /*
   * Default file permissions...
-diff -urNad cupsys~/scheduler/conf.c cupsys/scheduler/conf.c
---- cupsys~/scheduler/conf.c	2006-04-06 22:03:32.000000000 +0200
-+++ cupsys/scheduler/conf.c	2006-04-12 16:12:23.000000000 +0200
+diff -urNad cups-1.2-ubuntu~/scheduler/cert.c cups-1.2-ubuntu/scheduler/cert.c
+--- cups-1.2-ubuntu~/scheduler/cert.c	2006-04-07 16:39:46.000000000 +0200
++++ cups-1.2-ubuntu/scheduler/cert.c	2006-04-21 15:52:42.000000000 +0200
+@@ -116,7 +116,7 @@
+     * Root certificate...
+     */
+ 
+-    fchmod(fd, 0440);
++    fchmod(fd, 0240);
+     fchown(fd, RunUser, SystemGroupIDs[0]);
+ 
+     cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddCert: NumSystemGroups=%d",
+diff -urNad cups-1.2-ubuntu~/scheduler/conf.c cups-1.2-ubuntu/scheduler/conf.c
+--- cups-1.2-ubuntu~/scheduler/conf.c	2006-04-06 22:03:32.000000000 +0200
++++ cups-1.2-ubuntu/scheduler/conf.c	2006-04-21 15:52:19.000000000 +0200
 @@ -460,7 +460,11 @@
    if (!status)
      return (0);
@@ -56,9 +68,9 @@
  
   /*
    * Use the default system group if none was supplied in cupsd.conf...
-diff -urNad cupsys~/scheduler/main.c cupsys/scheduler/main.c
---- cupsys~/scheduler/main.c	2006-04-07 17:36:10.000000000 +0200
-+++ cupsys/scheduler/main.c	2006-04-12 16:12:54.000000000 +0200
+diff -urNad cups-1.2-ubuntu~/scheduler/main.c cups-1.2-ubuntu/scheduler/main.c
+--- cups-1.2-ubuntu~/scheduler/main.c	2006-04-07 17:36:10.000000000 +0200
++++ cups-1.2-ubuntu/scheduler/main.c	2006-04-21 15:52:19.000000000 +0200
 @@ -56,6 +56,9 @@
  #include <sys/resource.h>
  #include <syslog.h>

More information about the Pkg-cups-devel mailing list