]> git.ipfire.org Git - thirdparty/cups.git/blobdiff - scheduler/job.c
projects / thirdparty / cups.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix local privilege escalation to root and sandbox bypasses in scheduler
[thirdparty/cups.git] / scheduler / job.c
diff --git a/scheduler/job.c b/scheduler/job.c
index 61cda44e2fea198e32f4d097d0a0ecdb525d6ade..5ced0b9d1fc22387c4492c6735eeaa08a0bf161c 100644 (file)
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -4779,6 +4779,18 @@ start_job(cupsd_job_t     *job,          /* I - Job ID */
   job->profile  = cupsdCreateProfile(job->id, 0);
   job->bprofile = cupsdCreateProfile(job->id, 1);
 
+#ifdef HAVE_SANDBOX_H
+  if ((!job->profile || !job->bprofile) && UseSandboxing && Sandboxing != CUPSD_SANDBOXING_OFF)
+  {
+   /*
+    * Failure to create the sandbox profile means something really bad has
+    * happened and we need to shutdown immediately.
+    */
+
+    return;
+  }
+#endif /* HAVE_SANDBOX_H */
+
  /*
   * Create the status pipes and buffer...
   */
Unnamed repository; edit this file 'description' to name the repository.