|
 |
1d75c0 |
From d47f6aec436e0e9df6554436e391471097686ecc Mon Sep 17 00:00:00 2001
|
|
|
1d75c0 |
From: Michael R Sweet <michael.r.sweet@gmail.com>
|
|
|
1d75c0 |
Date: Tue, 8 May 2018 15:24:21 -0700
|
|
|
1d75c0 |
Subject: [PATCH] Fix local privilege escalation to root and sandbox bypasses
|
|
|
1d75c0 |
in scheduler (rdar://37836779, rdar://37836995, rdar://37837252,
|
|
|
1d75c0 |
rdar://37837581)
|
|
|
1d75c0 |
|
|
|
1d75c0 |
---
|
|
|
1d75c0 |
man/cups-files.conf.man.in | 10 ++
|
|
|
1d75c0 |
man/cupsd.conf.man.in | 8 --
|
|
|
1d75c0 |
scheduler/conf.c | 201 +++++++++++++++++++++++--------------
|
|
|
1d75c0 |
scheduler/job.c | 12 +++
|
|
|
1d75c0 |
scheduler/process.c | 16 +--
|
|
|
1d75c0 |
scheduler/server.c | 20 +++-
|
|
|
1d75c0 |
test/run-stp-tests.sh | 11 +-
|
|
|
1d75c0 |
7 files changed, 179 insertions(+), 99 deletions(-)
|
|
|
1d75c0 |
|
|
|
1d75c0 |
diff --git a/man/cups-files.conf.man.in b/man/cups-files.conf.man.in
|
|
|
1d75c0 |
index 7b96d687d..baf3cb6af 100644
|
|
|
1d75c0 |
--- a/man/cups-files.conf.man.in
|
|
|
1d75c0 |
+++ b/man/cups-files.conf.man.in
|
|
|
1d75c0 |
@@ -153,6 +153,11 @@ The server name may be included in filenames using the string "%s", for example:
|
|
|
1d75c0 |
|
|
|
1d75c0 |
.fi
|
|
|
1d75c0 |
The default is "/var/log/cups/page_log".
|
|
|
1d75c0 |
+.\"#PassEnv
|
|
|
1d75c0 |
+.TP 5
|
|
|
1d75c0 |
+\fBPassEnv \fIvariable \fR[ ... \fIvariable \fR]
|
|
|
1d75c0 |
+Passes the specified environment variable(s) to child processes.
|
|
|
1d75c0 |
+Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
|
|
|
1d75c0 |
.\"#RemoteRoot
|
|
|
1d75c0 |
.TP 5
|
|
|
1d75c0 |
\fBRemoteRoot \fIusername\fR
|
|
|
1d75c0 |
@@ -187,6 +192,11 @@ macOS uses its keychain database to store certificates and keys while other plat
|
|
|
1d75c0 |
\fBServerRoot \fIdirectory\fR
|
|
|
1d75c0 |
Specifies the directory containing the server configuration files.
|
|
|
1d75c0 |
The default is "/etc/cups".
|
|
|
1d75c0 |
+.\"#SetEnv
|
|
|
1d75c0 |
+.TP 5
|
|
|
1d75c0 |
+\fBSetEnv \fIvariable value\fR
|
|
|
1d75c0 |
+Set the specified environment variable to be passed to child processes.
|
|
|
1d75c0 |
+Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
|
|
|
1d75c0 |
.\"#StateDir
|
|
|
1d75c0 |
.TP 5
|
|
|
1d75c0 |
\fBStateDir \fIdirectory\fR
|
|
|
1d75c0 |
diff --git a/man/cupsd.conf.man.in b/man/cupsd.conf.man.in
|
|
|
1d75c0 |
index 3ffc80e42..36c849398 100644
|
|
|
1d75c0 |
--- a/man/cupsd.conf.man.in
|
|
|
1d75c0 |
+++ b/man/cupsd.conf.man.in
|
|
|
1d75c0 |
@@ -349,10 +349,6 @@ The default is "1048576" (1MB).
|
|
|
1d75c0 |
\fBMultipleOperationTimeout \fIseconds\fR
|
|
|
1d75c0 |
Specifies the maximum amount of time to allow between files in a multiple file print job.
|
|
|
1d75c0 |
The default is "300" (5 minutes).
|
|
|
1d75c0 |
-.\"#PassEnv
|
|
|
1d75c0 |
-.TP 5
|
|
|
1d75c0 |
-\fBPassEnv \fIvariable \fR[ ... \fIvariable \fR]
|
|
|
1d75c0 |
-Passes the specified environment variable(s) to child processes.
|
|
|
1d75c0 |
.\"#Policy
|
|
|
1d75c0 |
.TP 5
|
|
|
1d75c0 |
\fB<Policy \fIname\fB> \fR... \fB</Policy>\fR
|
|
|
1d75c0 |
@@ -433,10 +429,6 @@ Specifies what information is included in the Server header of HTTP responses.
|
|
|
1d75c0 |
command.
|
|
|
1d75c0 |
"Full" reports "CUPS 2.0.0 (UNAME) IPP/2.0".
|
|
|
1d75c0 |
The default is "Minimal".
|
|
|
1d75c0 |
-.\"#SetEnv
|
|
|
1d75c0 |
-.TP 5
|
|
|
1d75c0 |
-\fBSetEnv \fIvariable value\fR
|
|
|
1d75c0 |
-Set the specified environment variable to be passed to child processes.
|
|
|
1d75c0 |
.\"#SSLListen
|
|
|
1d75c0 |
.TP 5
|
|
|
1d75c0 |
\fBSSLListen \fIipv4-address\fB:\fIport\fR
|
|
|
1d75c0 |
diff --git a/scheduler/conf.c b/scheduler/conf.c
|
|
|
1d75c0 |
index 67a91e7a6..b51c6060c 100644
|
|
|
1d75c0 |
--- a/scheduler/conf.c
|
|
|
1d75c0 |
+++ b/scheduler/conf.c
|
|
|
1d75c0 |
@@ -2929,13 +2929,10 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
|
|
|
1d75c0 |
/* Line from file */
|
|
|
1d75c0 |
temp[HTTP_MAX_BUFFER],
|
|
|
1d75c0 |
/* Temporary buffer for value */
|
|
|
1d75c0 |
- *value, /* Pointer to value */
|
|
|
1d75c0 |
- *valueptr; /* Pointer into value */
|
|
|
1d75c0 |
+ *value; /* Pointer to value */
|
|
|
1d75c0 |
int valuelen; /* Length of value */
|
|
|
1d75c0 |
http_addrlist_t *addrlist, /* Address list */
|
|
|
1d75c0 |
*addr; /* Current address */
|
|
|
1d75c0 |
- cups_file_t *incfile; /* Include file */
|
|
|
1d75c0 |
- char incname[1024]; /* Include filename */
|
|
|
1d75c0 |
|
|
|
1d75c0 |
|
|
|
1d75c0 |
/*
|
|
|
1d75c0 |
@@ -2950,28 +2947,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
|
|
|
1d75c0 |
* Decode the directive...
|
|
|
1d75c0 |
*/
|
|
|
1d75c0 |
|
|
|
1d75c0 |
- if (!_cups_strcasecmp(line, "Include") && value)
|
|
|
1d75c0 |
- {
|
|
|
1d75c0 |
- /*
|
|
|
1d75c0 |
- * Include filename
|
|
|
1d75c0 |
- */
|
|
|
1d75c0 |
-
|
|
|
1d75c0 |
- if (value[0] == '/')
|
|
|
1d75c0 |
- strlcpy(incname, value, sizeof(incname));
|
|
|
1d75c0 |
- else
|
|
|
1d75c0 |
- snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
|
|
|
1d75c0 |
-
|
|
|
1d75c0 |
- if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
|
|
|
1d75c0 |
- cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
1d75c0 |
- "Unable to include config file \"%s\" - %s",
|
|
|
1d75c0 |
- incname, strerror(errno));
|
|
|
1d75c0 |
- else
|
|
|
1d75c0 |
- {
|
|
|
1d75c0 |
- read_cupsd_conf(incfile);
|
|
|
1d75c0 |
- cupsFileClose(incfile);
|
|
|
1d75c0 |
- }
|
|
|
1d75c0 |
- }
|
|
|
1d75c0 |
- else if (!_cups_strcasecmp(line, "
|
|
|
1d75c0 |
+ if (!_cups_strcasecmp(line, "
|
|
|
1d75c0 |
{
|
|
|
1d75c0 |
/*
|
|
|
1d75c0 |
* <Location path>
|
|
|
1d75c0 |
@@ -3367,31 +3343,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
|
|
|
1d75c0 |
cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d of %s.",
|
|
|
1d75c0 |
value, linenum, ConfigurationFile);
|
|
|
1d75c0 |
}
|
|
|
1d75c0 |
- else if (!_cups_strcasecmp(line, "PassEnv") && value)
|
|
|
1d75c0 |
- {
|
|
|
1d75c0 |
- /*
|
|
|
1d75c0 |
- * PassEnv variable [... variable]
|
|
|
1d75c0 |
- */
|
|
|
1d75c0 |
-
|
|
|
1d75c0 |
- for (; *value;)
|
|
|
1d75c0 |
- {
|
|
|
1d75c0 |
- for (valuelen = 0; value[valuelen]; valuelen ++)
|
|
|
1d75c0 |
- if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
|
|
|
1d75c0 |
- break;
|
|
|
1d75c0 |
-
|
|
|
1d75c0 |
- if (value[valuelen])
|
|
|
1d75c0 |
- {
|
|
|
1d75c0 |
- value[valuelen] = '\0';
|
|
|
1d75c0 |
- valuelen ++;
|
|
|
1d75c0 |
- }
|
|
|
1d75c0 |
-
|
|
|
1d75c0 |
- cupsdSetEnv(value, NULL);
|
|
|
1d75c0 |
-
|
|
|
1d75c0 |
- for (value += valuelen; *value; value ++)
|
|
|
1d75c0 |
- if (!_cups_isspace(*value) || *value != ',')
|
|
|
1d75c0 |
- break;
|
|
|
1d75c0 |
- }
|
|
|
1d75c0 |
- }
|
|
|
1d75c0 |
else if (!_cups_strcasecmp(line, "ServerAlias") && value)
|
|
|
1d75c0 |
{
|
|
|
1d75c0 |
/*
|
|
|
1d75c0 |
@@ -3420,30 +3371,6 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
|
|
|
1d75c0 |
break;
|
|
|
1d75c0 |
}
|
|
|
1d75c0 |
}
|
|
|
1d75c0 |
- else if (!_cups_strcasecmp(line, "SetEnv") && value)
|
|
|
1d75c0 |
- {
|
|
|
1d75c0 |
- /*
|
|
|
1d75c0 |
- * SetEnv variable value
|
|
|
1d75c0 |
- */
|
|
|
1d75c0 |
-
|
|
|
1d75c0 |
- for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
|
|
|
1d75c0 |
-
|
|
|
1d75c0 |
- if (*valueptr)
|
|
|
1d75c0 |
- {
|
|
|
1d75c0 |
- /*
|
|
|
1d75c0 |
- * Found a value...
|
|
|
1d75c0 |
- */
|
|
|
1d75c0 |
-
|
|
|
1d75c0 |
- while (isspace(*valueptr & 255))
|
|
|
1d75c0 |
- *valueptr++ = '\0';
|
|
|
1d75c0 |
-
|
|
|
1d75c0 |
- cupsdSetEnv(value, valueptr);
|
|
|
1d75c0 |
- }
|
|
|
1d75c0 |
- else
|
|
|
1d75c0 |
- cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
1d75c0 |
- "Missing value for SetEnv directive on line %d of %s.",
|
|
|
1d75c0 |
- linenum, ConfigurationFile);
|
|
|
1d75c0 |
- }
|
|
|
1d75c0 |
else if (!_cups_strcasecmp(line, "AccessLog") ||
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "CacheDir") ||
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "ConfigFilePerm") ||
|
|
|
1d75c0 |
@@ -3457,6 +3384,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "LogFilePerm") ||
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "LPDConfigFile") ||
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "PageLog") ||
|
|
|
1d75c0 |
+ !_cups_strcasecmp(line, "PassEnv") ||
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "Printcap") ||
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "PrintcapFormat") ||
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "RemoteRoot") ||
|
|
|
1d75c0 |
@@ -3466,6 +3394,7 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "ServerKey") ||
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "ServerKeychain") ||
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "ServerRoot") ||
|
|
|
1d75c0 |
+ !_cups_strcasecmp(line, "SetEnv") ||
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "SMBConfigFile") ||
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "StateDir") ||
|
|
|
1d75c0 |
!_cups_strcasecmp(line, "SystemGroup") ||
|
|
|
1d75c0 |
@@ -3495,10 +3424,49 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
|
|
|
1d75c0 |
static int /* O - 1 on success, 0 on failure */
|
|
|
1d75c0 |
read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
|
|
|
1d75c0 |
{
|
|
|
1d75c0 |
- int linenum; /* Current line number */
|
|
|
1d75c0 |
+ int i, /* Looping var */
|
|
|
1d75c0 |
+ linenum; /* Current line number */
|
|
|
1d75c0 |
char line[HTTP_MAX_BUFFER], /* Line from file */
|
|
|
1d75c0 |
*value; /* Value from line */
|
|
|
1d75c0 |
struct group *group; /* Group */
|
|
|
1d75c0 |
+ static const char * const prohibited_env[] =
|
|
|
1d75c0 |
+ { /* Prohibited environment variables */
|
|
|
1d75c0 |
+ "APPLE_LANGUAGE",
|
|
|
1d75c0 |
+ "AUTH_DOMAIN",
|
|
|
1d75c0 |
+ "AUTH_INFO_REQUIRED",
|
|
|
1d75c0 |
+ "AUTH_NEGOTIATE",
|
|
|
1d75c0 |
+ "AUTH_PASSWORD",
|
|
|
1d75c0 |
+ "AUTH_UID",
|
|
|
1d75c0 |
+ "AUTH_USERNAME",
|
|
|
1d75c0 |
+ "CHARSET",
|
|
|
1d75c0 |
+ "CLASS",
|
|
|
1d75c0 |
+ "CLASSIFICATION",
|
|
|
1d75c0 |
+ "CONTENT_TYPE",
|
|
|
1d75c0 |
+ "CUPS_CACHEDIR",
|
|
|
1d75c0 |
+ "CUPS_DATADIR",
|
|
|
1d75c0 |
+ "CUPS_DOCROOT",
|
|
|
1d75c0 |
+ "CUPS_FILETYPE",
|
|
|
1d75c0 |
+ "CUPS_FONTPATH",
|
|
|
1d75c0 |
+ "CUPS_MAX_MESSAGE",
|
|
|
1d75c0 |
+ "CUPS_REQUESTROOT",
|
|
|
1d75c0 |
+ "CUPS_SERVERBIN",
|
|
|
1d75c0 |
+ "CUPS_SERVERROOT",
|
|
|
1d75c0 |
+ "CUPS_STATEDIR",
|
|
|
1d75c0 |
+ "DEVICE_URI",
|
|
|
1d75c0 |
+ "FINAL_CONTENT_TYPE",
|
|
|
1d75c0 |
+ "HOME",
|
|
|
1d75c0 |
+ "LANG",
|
|
|
1d75c0 |
+ "PPD",
|
|
|
1d75c0 |
+ "PRINTER",
|
|
|
1d75c0 |
+ "PRINTER_INFO",
|
|
|
1d75c0 |
+ "PRINTER_LOCATION",
|
|
|
1d75c0 |
+ "PRINTER_STATE_REASONS",
|
|
|
1d75c0 |
+ "RIP_CACHE",
|
|
|
1d75c0 |
+ "SERVER_ADMIN",
|
|
|
1d75c0 |
+ "SOFTWARE",
|
|
|
1d75c0 |
+ "TMPDIR",
|
|
|
1d75c0 |
+ "USER"
|
|
|
1d75c0 |
+ };
|
|
|
1d75c0 |
|
|
|
1d75c0 |
|
|
|
1d75c0 |
/*
|
|
|
1d75c0 |
@@ -3536,6 +3504,47 @@ read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
|
|
|
1d75c0 |
}
|
|
|
1d75c0 |
}
|
|
|
1d75c0 |
}
|
|
|
1d75c0 |
+ else if (!_cups_strcasecmp(line, "PassEnv") && value)
|
|
|
1d75c0 |
+ {
|
|
|
1d75c0 |
+ /*
|
|
|
1d75c0 |
+ * PassEnv variable [... variable]
|
|
|
1d75c0 |
+ */
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ int valuelen; /* Length of variable name */
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ for (; *value;)
|
|
|
1d75c0 |
+ {
|
|
|
1d75c0 |
+ for (valuelen = 0; value[valuelen]; valuelen ++)
|
|
|
1d75c0 |
+ if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
|
|
|
1d75c0 |
+ break;
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ if (value[valuelen])
|
|
|
1d75c0 |
+ {
|
|
|
1d75c0 |
+ value[valuelen] = '\0';
|
|
|
1d75c0 |
+ valuelen ++;
|
|
|
1d75c0 |
+ }
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ for (i = 0; i < (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])); i ++)
|
|
|
1d75c0 |
+ {
|
|
|
1d75c0 |
+ if (!strcmp(value, prohibited_env[i]))
|
|
|
1d75c0 |
+ {
|
|
|
1d75c0 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Environment variable \"%s\" cannot be passed through on line %d of %s.", value, linenum, CupsFilesFile);
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
|
|
|
1d75c0 |
+ return (0);
|
|
|
1d75c0 |
+ else
|
|
|
1d75c0 |
+ break;
|
|
|
1d75c0 |
+ }
|
|
|
1d75c0 |
+ }
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ if (i >= (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])))
|
|
|
1d75c0 |
+ cupsdSetEnv(value, NULL);
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ for (value += valuelen; *value; value ++)
|
|
|
1d75c0 |
+ if (!_cups_isspace(*value) || *value != ',')
|
|
|
1d75c0 |
+ break;
|
|
|
1d75c0 |
+ }
|
|
|
1d75c0 |
+ }
|
|
|
1d75c0 |
else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
|
|
|
1d75c0 |
{
|
|
|
1d75c0 |
/*
|
|
|
1d75c0 |
@@ -3581,6 +3590,46 @@ read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
|
|
|
1d75c0 |
return (0);
|
|
|
1d75c0 |
}
|
|
|
1d75c0 |
}
|
|
|
1d75c0 |
+ else if (!_cups_strcasecmp(line, "SetEnv") && value)
|
|
|
1d75c0 |
+ {
|
|
|
1d75c0 |
+ /*
|
|
|
1d75c0 |
+ * SetEnv variable value
|
|
|
1d75c0 |
+ */
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ char *valueptr; /* Pointer to environment variable value */
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ if (*valueptr)
|
|
|
1d75c0 |
+ {
|
|
|
1d75c0 |
+ /*
|
|
|
1d75c0 |
+ * Found a value...
|
|
|
1d75c0 |
+ */
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ while (isspace(*valueptr & 255))
|
|
|
1d75c0 |
+ *valueptr++ = '\0';
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ for (i = 0; i < (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])); i ++)
|
|
|
1d75c0 |
+ {
|
|
|
1d75c0 |
+ if (!strcmp(value, prohibited_env[i]))
|
|
|
1d75c0 |
+ {
|
|
|
1d75c0 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Environment variable \"%s\" cannot be set on line %d of %s.", value, linenum, CupsFilesFile);
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ if (FatalErrors & CUPSD_FATAL_CONFIG)
|
|
|
1d75c0 |
+ return (0);
|
|
|
1d75c0 |
+ else
|
|
|
1d75c0 |
+ break;
|
|
|
1d75c0 |
+ }
|
|
|
1d75c0 |
+ }
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ if (i >= (int)(sizeof(prohibited_env) / sizeof(prohibited_env[0])))
|
|
|
1d75c0 |
+ cupsdSetEnv(value, valueptr);
|
|
|
1d75c0 |
+ }
|
|
|
1d75c0 |
+ else
|
|
|
1d75c0 |
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
1d75c0 |
+ "Missing value for SetEnv directive on line %d of %s.",
|
|
|
1d75c0 |
+ linenum, ConfigurationFile);
|
|
|
1d75c0 |
+ }
|
|
|
1d75c0 |
else if (!_cups_strcasecmp(line, "SystemGroup") && value)
|
|
|
1d75c0 |
{
|
|
|
1d75c0 |
/*
|
|
|
1d75c0 |
diff --git a/scheduler/job.c b/scheduler/job.c
|
|
|
1d75c0 |
index 61cda44e2..5ced0b9d1 100644
|
|
|
1d75c0 |
--- a/scheduler/job.c
|
|
|
1d75c0 |
+++ b/scheduler/job.c
|
|
|
1d75c0 |
@@ -4779,6 +4779,18 @@ start_job(cupsd_job_t *job, /* I - Job ID */
|
|
|
1d75c0 |
job->profile = cupsdCreateProfile(job->id, 0);
|
|
|
1d75c0 |
job->bprofile = cupsdCreateProfile(job->id, 1);
|
|
|
1d75c0 |
|
|
|
1d75c0 |
+#ifdef HAVE_SANDBOX_H
|
|
|
1d75c0 |
+ if ((!job->profile || !job->bprofile) && UseSandboxing && Sandboxing != CUPSD_SANDBOXING_OFF)
|
|
|
1d75c0 |
+ {
|
|
|
1d75c0 |
+ /*
|
|
|
1d75c0 |
+ * Failure to create the sandbox profile means something really bad has
|
|
|
1d75c0 |
+ * happened and we need to shutdown immediately.
|
|
|
1d75c0 |
+ */
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ return;
|
|
|
1d75c0 |
+ }
|
|
|
1d75c0 |
+#endif /* HAVE_SANDBOX_H */
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
/*
|
|
|
1d75c0 |
* Create the status pipes and buffer...
|
|
|
1d75c0 |
*/
|
|
|
1d75c0 |
diff --git a/scheduler/process.c b/scheduler/process.c
|
|
|
1d75c0 |
index b8d49d8f0..3c1c6ba4f 100644
|
|
|
1d75c0 |
--- a/scheduler/process.c
|
|
|
1d75c0 |
+++ b/scheduler/process.c
|
|
|
1d75c0 |
@@ -98,9 +98,13 @@ cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */
|
|
|
1d75c0 |
|
|
|
1d75c0 |
if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
|
|
|
1d75c0 |
{
|
|
|
1d75c0 |
+ /*
|
|
|
1d75c0 |
+ * This should never happen, and is fatal when sandboxing is enabled.
|
|
|
1d75c0 |
+ */
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
|
|
|
1d75c0 |
- cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s",
|
|
|
1d75c0 |
- strerror(errno));
|
|
|
1d75c0 |
+ cupsdLogMessage(CUPSD_LOG_EMERG, "Unable to create security profile: %s", strerror(errno));
|
|
|
1d75c0 |
+ kill(getpid(), SIGTERM);
|
|
|
1d75c0 |
return (NULL);
|
|
|
1d75c0 |
}
|
|
|
1d75c0 |
|
|
|
1d75c0 |
@@ -197,10 +201,8 @@ cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */
|
|
|
1d75c0 |
" #\"^%s/\"" /* TempDir/... */
|
|
|
1d75c0 |
" #\"^%s$\"" /* CacheDir */
|
|
|
1d75c0 |
" #\"^%s/\"" /* CacheDir/... */
|
|
|
1d75c0 |
- " #\"^%s$\"" /* StateDir */
|
|
|
1d75c0 |
- " #\"^%s/\"" /* StateDir/... */
|
|
|
1d75c0 |
"))\n",
|
|
|
1d75c0 |
- temp, temp, cache, cache, state, state);
|
|
|
1d75c0 |
+ temp, temp, cache, cache);
|
|
|
1d75c0 |
/* Read common folders */
|
|
|
1d75c0 |
cupsFilePrintf(fp,
|
|
|
1d75c0 |
"(allow file-read-data file-read-metadata\n"
|
|
|
1d75c0 |
@@ -242,8 +244,10 @@ cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */
|
|
|
1d75c0 |
" #\"^%s/\"" /* ServerBin/... */
|
|
|
1d75c0 |
" #\"^%s$\"" /* ServerRoot */
|
|
|
1d75c0 |
" #\"^%s/\"" /* ServerRoot/... */
|
|
|
1d75c0 |
+ " #\"^%s$\"" /* StateDir */
|
|
|
1d75c0 |
+ " #\"^%s/\"" /* StateDir/... */
|
|
|
1d75c0 |
"))\n",
|
|
|
1d75c0 |
- request, request, bin, bin, root, root);
|
|
|
1d75c0 |
+ request, request, bin, bin, root, root, state, state);
|
|
|
1d75c0 |
if (Sandboxing == CUPSD_SANDBOXING_RELAXED)
|
|
|
1d75c0 |
{
|
|
|
1d75c0 |
/* Limited write access to /Library/Printers/... */
|
|
|
1d75c0 |
diff --git a/scheduler/server.c b/scheduler/server.c
|
|
|
1d75c0 |
index cecbabe67..a4033791b 100644
|
|
|
1d75c0 |
--- a/scheduler/server.c
|
|
|
1d75c0 |
+++ b/scheduler/server.c
|
|
|
1d75c0 |
@@ -34,16 +34,28 @@ void
|
|
|
1d75c0 |
cupsdStartServer(void)
|
|
|
1d75c0 |
{
|
|
|
1d75c0 |
/*
|
|
|
1d75c0 |
- * Start color management (as needed)...
|
|
|
1d75c0 |
+ * Create the default security profile...
|
|
|
1d75c0 |
*/
|
|
|
1d75c0 |
|
|
|
1d75c0 |
- cupsdStartColor();
|
|
|
1d75c0 |
+ DefaultProfile = cupsdCreateProfile(0, 1);
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+#ifdef HAVE_SANDBOX_H
|
|
|
1d75c0 |
+ if (!DefaultProfile && UseSandboxing && Sandboxing != CUPSD_SANDBOXING_OFF)
|
|
|
1d75c0 |
+ {
|
|
|
1d75c0 |
+ /*
|
|
|
1d75c0 |
+ * Failure to create the sandbox profile means something really bad has
|
|
|
1d75c0 |
+ * happened and we need to shutdown immediately.
|
|
|
1d75c0 |
+ */
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+ return;
|
|
|
1d75c0 |
+ }
|
|
|
1d75c0 |
+#endif /* HAVE_SANDBOX_H */
|
|
|
1d75c0 |
|
|
|
1d75c0 |
/*
|
|
|
1d75c0 |
- * Create the default security profile...
|
|
|
1d75c0 |
+ * Start color management (as needed)...
|
|
|
1d75c0 |
*/
|
|
|
1d75c0 |
|
|
|
1d75c0 |
- DefaultProfile = cupsdCreateProfile(0, 1);
|
|
|
1d75c0 |
+ cupsdStartColor();
|
|
|
1d75c0 |
|
|
|
1d75c0 |
/*
|
|
|
1d75c0 |
* Startup all the networking stuff...
|
|
|
1d75c0 |
diff --git a/test/run-stp-tests.sh b/test/run-stp-tests.sh
|
|
|
1d75c0 |
index 7eb269a67..f83bd5d91 100755
|
|
|
1d75c0 |
--- a/test/run-stp-tests.sh
|
|
|
1d75c0 |
+++ b/test/run-stp-tests.sh
|
|
|
1d75c0 |
@@ -489,11 +489,6 @@ StrictConformance Yes
|
|
|
1d75c0 |
Browsing Off
|
|
|
1d75c0 |
Listen localhost:$port
|
|
|
1d75c0 |
Listen $BASE/sock
|
|
|
1d75c0 |
-PassEnv DYLD_LIBRARY_PATH
|
|
|
1d75c0 |
-PassEnv LD_LIBRARY_PATH
|
|
|
1d75c0 |
-PassEnv LD_PRELOAD
|
|
|
1d75c0 |
-PassEnv LOCALEDIR
|
|
|
1d75c0 |
-PassEnv SHLIB_PATH
|
|
|
1d75c0 |
MaxSubscriptions 3
|
|
|
1d75c0 |
MaxLogSize 0
|
|
|
1d75c0 |
AccessLogLevel actions
|
|
|
1d75c0 |
@@ -529,6 +524,12 @@ TempDir $BASE/spool/temp
|
|
|
1d75c0 |
AccessLog $BASE/log/access_log
|
|
|
1d75c0 |
ErrorLog $BASE/log/error_log
|
|
|
1d75c0 |
PageLog $BASE/log/page_log
|
|
|
1d75c0 |
+
|
|
|
1d75c0 |
+PassEnv DYLD_LIBRARY_PATH
|
|
|
1d75c0 |
+PassEnv LD_LIBRARY_PATH
|
|
|
1d75c0 |
+PassEnv LD_PRELOAD
|
|
|
1d75c0 |
+PassEnv LOCALEDIR
|
|
|
1d75c0 |
+PassEnv SHLIB_PATH
|
|
|
1d75c0 |
EOF
|
|
|
1d75c0 |
|
|
|
1d75c0 |
if test $ssltype != 0 -a `uname` = Darwin; then
|
|
|
1d75c0 |
--
|
|
|
1d75c0 |
2.17.1
|
|
|
1d75c0 |
|