[Pkg-cups-devel] r48 - in cupsys/branches/cups-1.2/debian: . patches

Martin Pitt mpitt at costa.debian.org
Wed Dec 7 14:26:04 UTC 2005


Author: mpitt
Date: Wed Dec  7 14:26:03 2005
New Revision: 48

Modified:
   cupsys/branches/cups-1.2/debian/changelog
   cupsys/branches/cups-1.2/debian/patches/44_fixconfdirperms.dpatch
Log:
Use CUPS_DEFAULT_GROUP instead of 'nobody' as the default group for setgid'ing
to and conffiles which must be writable for cupsd.



Modified: cupsys/branches/cups-1.2/debian/changelog
==============================================================================
--- cupsys/branches/cups-1.2/debian/changelog	(original)
+++ cupsys/branches/cups-1.2/debian/changelog	Wed Dec  7 14:26:03 2005
@@ -21,6 +21,8 @@
   * debian/patches/44_fixconfdirperms.dpatch:
     - Put configuration files into group root instead of nobody to avoid
       privilege escalation of nobody/nogroup and comply to Debian standards.
+    - Use CUPS_DEFAULT_GROUP instead of 'nobody' as the default group for
+      setgid'ing to and conffiles which must be writable for cupsd.
     - Disable changing permissions of cupsd.conf conffile.
   * Add debian/patches/09_runasuser_fixes.dpatch:
     - scheduler/main.c: Generate a certificate even when running as user, just
@@ -31,7 +33,7 @@
       different device types (lp for USB/parallel printers, dialout for serial
       printers, etc.)
 
- -- Martin Pitt <mpitt at debian.org>  Wed,  7 Dec 2005 15:01:24 +0100
+ -- Martin Pitt <mpitt at debian.org>  Wed,  7 Dec 2005 15:24:01 +0100
 
 cupsys (1.1.99.b1.r4841-1) experimental; urgency=low
 

Modified: cupsys/branches/cups-1.2/debian/patches/44_fixconfdirperms.dpatch
==============================================================================
--- cupsys/branches/cups-1.2/debian/patches/44_fixconfdirperms.dpatch	(original)
+++ cupsys/branches/cups-1.2/debian/patches/44_fixconfdirperms.dpatch	Wed Dec  7 14:26:03 2005
@@ -6,39 +6,22 @@
 
 @DPATCH@
 diff -urNad cupsys~/scheduler/conf.c cupsys/scheduler/conf.c
---- cupsys~/scheduler/conf.c	2005-12-07 14:34:33.000000000 +0100
-+++ cupsys/scheduler/conf.c	2005-12-07 14:43:37.000000000 +0100
-@@ -364,25 +364,13 @@
-   }
- 
+--- cupsys~/scheduler/conf.c	2005-11-14 22:53:30.000000000 +0100
++++ cupsys/scheduler/conf.c	2005-12-07 15:17:32.000000000 +0100
+@@ -366,10 +366,10 @@
    endpwent();
-+  endgrent();
  
   /*
 -  * Find the default group (nobody)...
-+  * Put configuration files into group 'root' to avoid privilege escalation of
-+  * other users.
++  * Find the default group...
    */
--
+ 
 -  group = getgrnam("nobody");
--  endgrent();
--
--  if (group != NULL)
--    Group = group->gr_gid;
--  else
--  {
--   /*
--    * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
--    * complement number...)
--    */
--
--    Group = 65534;
--  }
-+  Group = 0;
++  group = getgrnam(CUPS_DEFAULT_GROUP);
+   endgrent();
  
-  /*
-   * Numeric options...
-@@ -515,22 +503,10 @@
+   if (group != NULL)
+@@ -515,22 +515,10 @@
  
        cupsdLogMessage(CUPSD_LOG_NOTICE,
                        "Group and SystemGroup cannot use the same groups!");
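Review bot: The failure path of `getgrnam(CUPS_DEFAULT_GROUP)` in the scheduler/conf.c hunk (`@@ -366,10 +366,10 @@`) is left as upstream has it, and the lines removed from the previous revision of this dpatch show that path as `Group = 65534;`, the historical nobody GID. If the compiled-in default group does not exist on the installed system, cupsd would therefore presumably still setgid to, and chown its state and configuration directories to, the nobody/nogroup GID that the changelog entry for this patch says to avoid. The dpatch should cover the else branch too, logging the failed lookup with something like `cupsdLogMessage(CUPSD_LOG_ERROR, "Default group \"%s\" not found!", CUPS_DEFAULT_GROUP);` and failing the configuration load rather than guessing a GID. The new comment `* Find the default group...` could also record why nobody is no longer used, e.g. `* Find the default group; never fall back to nobody/nogroup, which other daemons share...`. The `if (group != NULL)` statement continues outside the hunk, so the else branch is inferred from the earlier revision and should be confirmed against the patched conf.c.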
@@ -63,7 +46,7 @@
      }
    }
  
-@@ -614,7 +590,7 @@
+@@ -614,7 +602,7 @@
    if (access(temp, 0))
      mkdir(temp, 0755);
    chown(temp, RunUser, Group);
@@ -72,7 +55,7 @@
  
    chown(StateDir, RunUser, Group);
    chmod(StateDir, 0775);
-@@ -629,13 +605,13 @@
+@@ -629,13 +617,13 @@
      chmod(temp, 0510);
  
    chown(ServerRoot, RunUser, Group);
@@ -88,7 +71,7 @@
  
    snprintf(temp, sizeof(temp), "%s/ssl", ServerRoot);
    if (access(temp, 0))
-@@ -643,9 +619,11 @@
+@@ -643,9 +631,11 @@
    chown(temp, RunUser, Group);
    chmod(temp, 0700);
  


