[Pkg-cups-devel] r48 - in cupsys/branches/cups-1.2/debian: . patches
Martin Pitt
mpitt at costa.debian.org
Wed Dec 7 14:26:04 UTC 2005
Author: mpitt
Date: Wed Dec 7 14:26:03 2005
New Revision: 48
Modified:
cupsys/branches/cups-1.2/debian/changelog
cupsys/branches/cups-1.2/debian/patches/44_fixconfdirperms.dpatch
Log:
Use CUPS_DEFAULT_GROUP instead of 'nobody' as the default group for setgid'ing
to and conffiles which must be writable for cupsd.
Modified: cupsys/branches/cups-1.2/debian/changelog
==============================================================================
--- cupsys/branches/cups-1.2/debian/changelog (original)
+++ cupsys/branches/cups-1.2/debian/changelog Wed Dec 7 14:26:03 2005
@@ -21,6 +21,8 @@
* debian/patches/44_fixconfdirperms.dpatch:
- Put configuration files into group root instead of nobody to avoid
privilege escalation of nobody/nogroup and comply to Debian standards.
+ - Use CUPS_DEFAULT_GROUP instead of 'nobody' as the default group for
+ setgid'ing to and conffiles which must be writable for cupsd.
- Disable changing permissions of cupsd.conf conffile.
* Add debian/patches/09_runasuser_fixes.dpatch:
- scheduler/main.c: Generate a certificate even when running as user, just
@@ -31,7 +33,7 @@
different device types (lp for USB/parallel printers, dialout for serial
printers, etc.)
- -- Martin Pitt <mpitt at debian.org> Wed, 7 Dec 2005 15:01:24 +0100
+ -- Martin Pitt <mpitt at debian.org> Wed, 7 Dec 2005 15:24:01 +0100
cupsys (1.1.99.b1.r4841-1) experimental; urgency=low
Modified: cupsys/branches/cups-1.2/debian/patches/44_fixconfdirperms.dpatch
==============================================================================
--- cupsys/branches/cups-1.2/debian/patches/44_fixconfdirperms.dpatch (original)
+++ cupsys/branches/cups-1.2/debian/patches/44_fixconfdirperms.dpatch Wed Dec 7 14:26:03 2005
@@ -6,39 +6,22 @@
@DPATCH@
diff -urNad cupsys~/scheduler/conf.c cupsys/scheduler/conf.c
---- cupsys~/scheduler/conf.c 2005-12-07 14:34:33.000000000 +0100
-+++ cupsys/scheduler/conf.c 2005-12-07 14:43:37.000000000 +0100
-@@ -364,25 +364,13 @@
- }
-
+--- cupsys~/scheduler/conf.c 2005-11-14 22:53:30.000000000 +0100
++++ cupsys/scheduler/conf.c 2005-12-07 15:17:32.000000000 +0100
+@@ -366,10 +366,10 @@
endpwent();
-+ endgrent();
/*
- * Find the default group (nobody)...
-+ * Put configuration files into group 'root' to avoid privilege escalation of
-+ * other users.
++ * Find the default group...
*/
--
+
- group = getgrnam("nobody");
-- endgrent();
--
-- if (group != NULL)
-- Group = group->gr_gid;
-- else
-- {
-- /*
-- * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
-- * complement number...)
-- */
--
-- Group = 65534;
-- }
-+ Group = 0;
++ group = getgrnam(CUPS_DEFAULT_GROUP);
+ endgrent();
- /*
- * Numeric options...
-@@ -515,22 +503,10 @@
+ if (group != NULL)
+@@ -515,22 +515,10 @@
cupsdLogMessage(CUPSD_LOG_NOTICE,
"Group and SystemGroup cannot use the same groups!");
@@ -63,7 +46,7 @@
}
}
-@@ -614,7 +590,7 @@
+@@ -614,7 +602,7 @@
if (access(temp, 0))
mkdir(temp, 0755);
chown(temp, RunUser, Group);
@@ -72,7 +55,7 @@
chown(StateDir, RunUser, Group);
chmod(StateDir, 0775);
-@@ -629,13 +605,13 @@
+@@ -629,13 +617,13 @@
chmod(temp, 0510);
chown(ServerRoot, RunUser, Group);
@@ -88,7 +71,7 @@
snprintf(temp, sizeof(temp), "%s/ssl", ServerRoot);
if (access(temp, 0))
-@@ -643,9 +619,11 @@
+@@ -643,9 +631,11 @@
chown(temp, RunUser, Group);
chmod(temp, 0700);
More information about the Pkg-cups-devel
mailing list