[cups-devel] [HIGH] STR #4461: Log/conf files not accessible via web interface when not world-readable

Tim Waugh noreply at cups.org
Mon Aug 11 09:05:18 PDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

Here's a patch that works for me.

Now 'cupsctl -U root' works, and 'View Error Log' in the web interface
works when logged in.

diff -up cups-1.7.4/scheduler/client.c.str4461
cups-1.7.4/scheduler/client.c
- --- cups-1.7.4/scheduler/client.c.str4461	2014-08-11 16:30:04.695889827
+0100
+++ cups-1.7.4/scheduler/client.c	2014-08-11 16:30:04.697889838 +0100
@@ -3360,8 +3360,18 @@ get_file(cupsd_client_t *con,		/* I  - C
 
   if (!status && !(filestats->st_mode & S_IROTH))
   {
- -    cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as
\"%s\" must be world-readable.", con->http.fd, filename);
- -    return (NULL);
+   /*
+    * The exception is for cupsd.conf and log files for
+    * authenticated access.
+    */
+
+    if ((strncmp(con->uri, "/admin/conf/cupsd.conf", 22) &&
+	 strncmp(con->uri, "/admin/log/", 11)) ||
+	cupsdIsAuthorized(con, NULL) != HTTP_OK)
+    {
+      cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such
as \"%s\" must be world-readable.", con->http.fd, filename);
+      return (NULL);
+    }
   }
 
  /*

Link: https://www.cups.org/str.php?L4461
Version: 1.7.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJT6Om+AAoJENujp6sI12IjjzwQALKnNkrYhjpbxq+m2GSCu829
SEzot8WXheyCyvYh/r6guBolQkLOCuBAfhNPuE5qVtkHvrPB2uMkU7HQXvbzj+ae
6/0J53B58X0DD2+TrIPCYsaOMO6eHTXfHJRHK5ueqJDJqq+CfBsUCrWnybjsQlaA
wJfVatnbku0dq0Lwis7B6So9gBzhEgPnDLqGX813ktEXCaaVbCD/AgtazHdOtsFg
dilIbC2INS72LpZq7gHUJRzYZ4uoyPwI+ok/hp4TOeJIyIHtXYXmH6kRs5AE3MCJ
g3F+jZg1bjnvmCVf8ROF+rS+uVLUDrCL3t/LlbQJC35BKhYRsqtMMSOgPN5JUM1M
6BROKMRAEsITD5tw2MUvqoU1shsucVOgAH5+waXycP7IsxpEAKRhuc3Ky8K5umNe
JAT83C1i97GaAWuvq8PuduvBt3QN9T+pvtGAYihbbKfF87DgnQrr0nKR6/5PPpZ3
0fvUC+DxtH5f2soZtrm+hudA9tN+L9x82doTrxTsQaAiG26TgumqFeTOi2zbtvkc
n6iT8HktL3FS4xTuVgecmHODOC7zxWP88n+ml340nUjPHuUL9j+X4UHcLXkKi1RU
VURK5Ruz2xhmfTGIU6hyZSO1WIafQLX4S/TRMSyQ2frEGcwGiMttToTO3zr3BUV2
varjX4JT7eTyqyEwlCgW
=c0iw
-----END PGP SIGNATURE-----




More information about the cups-devel mailing list