[cups-devel] [HIGH] STR #4500: /etc/cups/ppd/*.ppd not world-readable, cupsGetPPD() returns symlink

Tim Waugh noreply at cups.org
Fri Oct 10 09:41:51 PDT 2014


[STR New]

Since commit 112fc3c0, PPD files are created using cupsdCreateConfFile(...,
ConfigFilePerm) which means they are no longer world-readable.

However, cupsGetPPD3() returns a symlink to /etc/cups/ppd/... if the file
exists.

    snprintf(ppdname, sizeof(ppdname), "%s/ppd/%s.ppd", cg->cups_serverroot,
             name);
    if (!stat(ppdname, &ppdinfo))
    {
     /*
      * OK, the file exists, use it!
      */

      if (buffer[0])
      {
        unlink(buffer);

        if (symlink(ppdname, buffer) && errno != EEXIST)
        {

Either the PPD files should be created world-readable, or cupsGetPPD3()
should check for readability, not just existence.

Original bug report:
  https://bugzilla.redhat.com/show_bug.cgi?id=1150917

Link: https://www.cups.org/str.php?L4500
Version: 1.7.5
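One way to test readability rather than existence, as the report suggests. This is an added example, not CUPS code: `classify_ppd` and `make_sample` are hypothetical names, and the mode-0 temporary file is a constructed stand-in for a PPD the caller cannot read.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum ppd_state { PPD_MISSING, PPD_UNREADABLE, PPD_READABLE };

/* Hypothetical helper: can the calling user actually use this local PPD? */
enum ppd_state classify_ppd(const char *path)
{
  struct stat info;
  int fd;

  if (stat(path, &info))                 /* the only test the quoted code makes */
    return PPD_MISSING;
  if (!S_ISREG(info.st_mode))            /* a directory or device is not a PPD */
    return PPD_UNREADABLE;
  if ((fd = open(path, O_RDONLY)) < 0)   /* kernel applies effective IDs and ACLs */
    return PPD_UNREADABLE;
  close(fd);
  return PPD_READABLE;
}

/* Constructed sample input: a temp file with the given mode; caller unlinks. */
int make_sample(char *path, size_t size, mode_t mode)
{
  int fd;

  snprintf(path, size, "/tmp/ppd-demo-XXXXXX");
  if ((fd = mkstemp(path)) < 0)
    return -1;
  if (fchmod(fd, mode)) { close(fd); return -1; }
  close(fd);
  return 0;
}

int main(void)
{
  char ok[64], locked[64];
  static const char *names[] = { "missing", "unreadable", "readable" };

  if (make_sample(ok, sizeof(ok), 0644) || make_sample(locked, sizeof(locked), 0))
    return 1;
  printf("0644 sample: %s\n", names[classify_ppd(ok)]);
  printf("0000 sample: %s\n", names[classify_ppd(locked)]); /* root bypasses mode bits */
  unlink(ok);
  unlink(locked);
  return 0;
}
```

A caller would create the symlink only for `PPD_READABLE` and otherwise fall back to fetching the PPD from the scheduler.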



