Blame SOURCES/cups-str4327.patch

63e5ea
diff -up cups-1.7.0/cups/usersys.c.str4327 cups-1.7.0/cups/usersys.c
63e5ea
--- cups-1.7.0/cups/usersys.c.str4327	2013-07-10 15:08:39.000000000 +0100
63e5ea
+++ cups-1.7.0/cups/usersys.c	2014-01-08 16:30:40.443026913 +0000
63e5ea
@@ -875,7 +875,25 @@ _cupsSetDefaults(void)
63e5ea
   cups_expiredcerts   = getenv("CUPS_EXPIREDCERTS");
63e5ea
 
63e5ea
   if ((cups_user = getenv("CUPS_USER")) == NULL)
63e5ea
-    cups_user = getenv("USER");
63e5ea
+  {
63e5ea
+   /*
63e5ea
+    * Try the USER environment variable...
63e5ea
+    */
63e5ea
+
63e5ea
+    if ((cups_user = getenv("USER")) != NULL)
63e5ea
+    {
63e5ea
+     /*
63e5ea
+      * Validate USER matches the current UID, otherwise don't allow it to
63e5ea
+      * override things...  This makes sure that printing after doing su or
63e5ea
+      * sudo records the correct username.
63e5ea
+      */
63e5ea
+
63e5ea
+      struct passwd	*pw;		/* Account information */
63e5ea
+
63e5ea
+      if ((pw = getpwnam(cups_user)) == NULL || pw->pw_uid != getuid())
63e5ea
+        cups_user = NULL;
63e5ea
+    }
63e5ea
+  }
63e5ea
 
63e5ea
  /*
63e5ea
   * Then, if needed, read the ~/.cups/client.conf or /etc/cups/client.conf