[Pkg-cups-devel] r865 - in cupsys/trunk: . debian debian/patches

[Martin Pitt]

Author: mpitt
Date: Sun Sep  7 07:58:17 2008
New Revision: 865

Log:
rootbackends-worldreadable.dpatch: Do not run backends as root if they are
group or world writable (this is by and large a paranoia fix, though).

Modified:
   cupsys/trunk/   (props changed)
   cupsys/trunk/debian/changelog
   cupsys/trunk/debian/patches/rootbackends-worldreadable.dpatch

Modified: cupsys/trunk/debian/changelog
==============================================================================
--- cupsys/trunk/debian/changelog	(original)
+++ cupsys/trunk/debian/changelog	Sun Sep  7 07:58:17 2008
@@ -1,3 +1,10 @@
+cups (1.3.8-10) UNRELEASED; urgency=low
+
+  * rootbackends-worldreadable.dpatch: Do not run backends as root if they are
+    group or world writable (this is by and large a paranoia fix, though).
+
+ -- Martin Pitt <mpitt at debian.org>  Sun, 07 Sep 2008 09:57:28 +0200
+
 cups (1.3.8-9) experimental; urgency=low
 
   * Previous upload had some cruft in the diff.gz which caused some changed

Modified: cupsys/trunk/debian/patches/rootbackends-worldreadable.dpatch
==============================================================================
--- cupsys/trunk/debian/patches/rootbackends-worldreadable.dpatch	(original)
+++ cupsys/trunk/debian/patches/rootbackends-worldreadable.dpatch	Sun Sep  7 07:58:17 2008
@@ -27,7 +27,7 @@
  	backroot = 0;
        else
 -        backroot = !(backinfo.st_mode & (S_IRWXG | S_IRWXO));
-+        backroot = !(backinfo.st_mode & (S_IXGRP | S_IXOTH));
++        backroot = !(backinfo.st_mode & (S_IWGRP | S_IXGRP | S_IWOTH | S_IXOTH));
  
        argv[0] = sani_uri;