--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: cups-browsed: UDS permissions check always fails in Debian
- From: Raphael Geissert <geissert@debian.org>
- Date: Wed, 5 Aug 2015 14:50:35 +0200
- Message-id: <CAA7hUgEcjkvBYUv0dB1A5FcNUb4=3qz3DJ0asBBVqKqLNHzG=g@mail.gmail.com>
Package: cups-browsed
Version: 1.0.71-1
Severity: minor
Tags: patch
Hi,
cups-browsed checks the permissions of cups' unix socket, looking for
IRWXO. Not only it appears to be useless to check for the execute bit,
but this check always fails with the default Debian config; which
makes cups-browsed use a TCP socket instead of the unix one.
Attached patch makes cups-browsed check only for read and write
permissions on the unix socket.
What do you think?
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Index: cups-filters-1.0.71-1/utils/cups-browsed.c
===================================================================
--- cups-filters-1.0.71-1/utils/cups-browsed.c
+++ cups-filters-1.0.71-1/utils/cups-browsed.c
@@ -3321,9 +3321,10 @@
#endif
if (DomainSocket != NULL) {
struct stat sockinfo; /* Domain socket information */
if (!stat(DomainSocket, &sockinfo) &&
- (sockinfo.st_mode & S_IRWXO) == S_IRWXO)
+ (sockinfo.st_mode & S_IROTH) == S_IROTH &&
+ (sockinfo.st_mode & S_IWOTH) == S_IWOTH)
setenv("CUPS_SERVER", DomainSocket, 1);
else
setenv("CUPS_SERVER", "localhost", 1);
} else
--- End Message ---
--- Begin Message ---
- To: 794654-done@bugs.debian.org
- Subject: Re: Bug#794654: cups-browsed: UDS permissions check always fails in Debian
- From: Didier 'OdyX' Raboud <me@odyx.org>
- Date: Thu, 29 Sep 2016 22:59:44 +0200
- Message-id: <5860994.ss7x08vNSp@gyllingar>
- In-reply-to: <1720347.ALF4TpnnmD@gyllingar>
- References: <CAA7hUgEcjkvBYUv0dB1A5FcNUb4=3qz3DJ0asBBVqKqLNHzG=g@mail.gmail.com> <1720347.ALF4TpnnmD@gyllingar>
Le mercredi, 5 août 2015, 15.07:49 h CEST Didier 'OdyX' Raboud a écrit :
> Le mercredi, 5 août 2015, 14.50:35 Raphael Geissert a écrit :
> > cups-browsed checks the permissions of cups' unix socket, looking for
> > IRWXO. Not only it appears to be useless to check for the execute bit,
> > but this check always fails with the default Debian config; which
> > makes cups-browsed use a TCP socket instead of the unix one.
> >
> > Attached patch makes cups-browsed check only for read and write
> > permissions on the unix socket.
>
> This looks like the https://cups.org/str.php?L4679 , we should probably
> fix this identically in cups-browsed.
>
> Till: opinions?
This was fixed in cups-filters 1.6.0.
> CHANGES IN V1.6.0
>
> - cups-browsed: Fixed use of CUPS domain socket, both
> detection during build process and permission check at
> runtime.
--
Cheers,
OdyX
--- End Message ---