Репозитории ALT
S: | 2.4.7-alt1 |
5.1: | 1.4.2-alt1.M51.2 |
4.1: | 1.3.10-alt0.M41.4 |
+updates: | 1.3.9-alt1.M41.1 |
4.0: | 1.2.12-alt6.M40.9 |
+updates: | 1.2.12-alt6.M40.8 |
3.0: | 1.1.20-alt14.1 |
Группа :: Система/Серверы
Пакет: cups
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: cups-1.4.0-alt-hardening.patch
Скачать
Скачать
diff --git a/cups/cups/usersys.c b/cups/cups/usersys.c
index fae28aa..49a901c 100644
--- a/cups/cups/usersys.c
+++ b/cups/cups/usersys.c
@@ -379,6 +379,49 @@ _cupsGetPassword(const char *prompt) /* I - Prompt string */
#endif /* WIN32 */
+static int
+_cupsUnixSocketAccess(const char* name)
+{
+ struct sockaddr_un s_un;
+ int sock = -1;
+ int ret = 0;
+
+ bzero(&s_un, sizeof(s_un));
+
+ strncpy(s_un.sun_path, name,sizeof s_un.sun_path);
+ s_un.sun_family = AF_UNIX;
+
+ if (((sock = socket(AF_UNIX, SOCK_STREAM, 0)) > 0) &&
+ (connect(sock, (struct sockaddr *)&s_un,SUN_LEN(&s_un)) == 0))
+ ret = 1;
+
+ if (sock >= 0) close(sock);
+ return ret;
+}
+
+static int
+_cupsLocalhostAccess(int port)
+{
+ struct sockaddr_in s_in;
+ int sock = -1;
+ int ret = 0;
+
+ bzero(&s_in, sizeof(s_in));
+
+ s_in.sin_family = AF_INET;
+ s_in.sin_port = htons(port);
+
+ if (inet_aton("127.0.0.1", (struct in_addr*)&(s_in.sin_addr)) == 0)
+ return 0;
+
+ if (((sock = socket(AF_INET, SOCK_STREAM, 0)) > 0) &&
+ (connect(sock, (struct sockaddr *)&s_in,sizeof(s_in)) == 0))
+ ret = 1;
+
+ if (sock >= 0) close(sock);
+ return ret;
+}
+
/*
* '_cupsSetDefaults()' - Set the default server, port, and encryption.
*/
@@ -451,6 +494,24 @@ _cupsSetDefaults(void)
if (cg->encryption == (http_encryption_t)-1)
cg->encryption = HTTP_ENCRYPT_IF_REQUESTED;
+ if (!cg->ipp_port)
+ {
+ const char *ipp_port; /* IPP_PORT environment variable */
+ struct servent *service; /* Port number info */
+
+
+ if ((ipp_port = getenv("IPP_PORT")) != NULL)
+ {
+ if ((cg->ipp_port = atoi(ipp_port)) <= 0)
+ cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
+ }
+ else if ((service = getservbyname("ipp", NULL)) == NULL ||
+ service->s_port <= 0)
+ cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
+ else
+ cg->ipp_port = ntohs(service->s_port);
+ }
+
if (!cg->server[0])
{
if (!cups_server)
@@ -463,34 +524,20 @@ _cupsSetDefaults(void)
struct stat sockinfo; /* Domain socket information */
- if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) &&
- (sockinfo.st_mode & S_IRWXO) == S_IRWXO)
- cups_server = CUPS_DEFAULT_DOMAINSOCKET;
+ if (_cupsUnixSocketAccess(CUPS_DEFAULT_DOMAINSOCKET))
+ cups_server = CUPS_DEFAULT_DOMAINSOCKET;
+ else if (_cupsLocalhostAccess(cg->ipp_port))
+ cups_server = "localhost";
else
-#endif /* CUPS_DEFAULT_DOMAINSOCKET */
+ cups_server = CUPS_DEFAULT_DOMAINSOCKET;
+#else
cups_server = "localhost";
+#endif /* CUPS_DEFAULT_DOMAINSOCKET */
}
cupsSetServer(cups_server);
}
- if (!cg->ipp_port)
- {
- const char *ipp_port; /* IPP_PORT environment variable */
- struct servent *service; /* Port number info */
-
-
- if ((ipp_port = getenv("IPP_PORT")) != NULL)
- {
- if ((cg->ipp_port = atoi(ipp_port)) <= 0)
- cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
- }
- else if ((service = getservbyname("ipp", NULL)) == NULL ||
- service->s_port <= 0)
- cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
- else
- cg->ipp_port = ntohs(service->s_port);
- }
}
diff --git a/cups/scheduler/listen.c b/cups/scheduler/listen.c
index e9b116f..28d6ba7 100644
--- a/cups/scheduler/listen.c
+++ b/cups/scheduler/listen.c
@@ -317,7 +317,11 @@ cupsdStartListening(void)
cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s on fd %d...",
s, lis->fd);
- if (chmod(s, 0140777))
+ if (chmod(s, 0770))
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "Unable to change permisssions on domain socket "
+ "\"%s\" - %s", s, strerror(errno));
+ if (chown(s, 0,Group))
cupsdLogMessage(CUPSD_LOG_ERROR,
"Unable to change permisssions on domain socket "
"\"%s\" - %s", s, strerror(errno));