[cups-devel] [HIGH] STR #4500: /etc/cups/ppd/*.ppd not world-readable, cupsGetPPD() returns symlink
Tim Waugh
noreply at cups.org
Fri Oct 10 09:41:51 PDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
Since commit 112fc3c0, PPD files are created using cupsdCreateConfFile(...,
ConfigFilePerm) which means they are no longer world-readable.
However, cupsGetPPD3() returns a symlink to /etc/cups/ppd/... if the file
exists.
snprintf(ppdname, sizeof(ppdname), "%s/ppd/%s.ppd",
cg->cups_serverroot,
name);
if (!stat(ppdname, &ppdinfo))
{
/*
* OK, the file exists, use it!
*/
if (buffer[0])
{
unlink(buffer);
if (symlink(ppdname, buffer) && errno != EEXIST)
{
Either the PPD files should be created world-readable, or cupsGetPPD3()
should check for readability, not just existence.
Original bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=1150917
Link: https://www.cups.org/str.php?L4500
Version: 1.7.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJUOAxPAAoJENujp6sI12IjyPwP/1FTMeOa73a/lEb2OL72+7TC
mhjxzeDNmc4UVlyriY+KUiFHypf9hhxfQWLpvLYTfQHbchr2USDQ0CFKEfnnWKee
vSIFRXG7BsTlR/i6pZ6tn9vMFc9adu6BmlK2Rw7r9f0eKlXvfj6sEkh/4XNDhtcS
+cIhuglN2+bpXWGMdBMUKb++654yPyb9QudFU3t1u6gsdqfMNMWs0VBRfrehgKzr
8tVkwuiMF76ojQYWYHnQC+AOtjh67+0dEmTnzqxc5tdZDHM0/yOfnZ/HlC1fY7Ip
qUJcYPgSXE1WMrylnRv+/3Or6YVX49dmf6NUns0UjlP1h5jMbX9Z1RJQ2RpSGXmq
mA3wfx3vrs5ghbxRxQm7VXppj+khGC+2Dv5Tynb/r980/0l7HeIi9u1mU/tQR6sU
8tUmBzCxnWw+49AI+c7dDRjqmR8HR1/fKu1JcWKbRU23eLKRytzk+KVHLvBdY6D6
IUUyH+uDMb3GJkfysMdid1Ov5pu+v7xMBTH8TweE44+UtOiEmthkm/CEQiTFg2o0
iHOJo/JiYS9fFhly6M6Vt+tIoGm/k0Em1iQT5kgeN7Rk0SykBpkhdout/JC2/GC5
y07hMia0tteUbyvTd0OPy9KPggKyYsdL97CtGbOKU6ChimiUHy7T197Gy6VJoTpJ
2cr4JjKOGk4JqSki/iD6
=K1tB
-----END PGP SIGNATURE-----
More information about the cups
mailing list