Merge changes from CUPS 1.5svn-r9022.
[thirdparty/cups.git] / scheduler / process.c
index 81e5a697f3a3aa7dbf874ac22d9b078c509728d0..2bc6d164a18014c00751fc429cc08d88282116d2 100644 (file)
@@ -3,7 +3,7 @@
  *
  *   Process management routines for the Common UNIX Printing System (CUPS).
  *
- *   Copyright 2007-2009 by Apple Inc.
+ *   Copyright 2007-2010 by Apple Inc.
  *   Copyright 1997-2007 by Easy Software Products, all rights reserved.
  *
  *   These coded instructions, statements, and computer programs are the
@@ -114,23 +114,50 @@ cupsdCreateProfile(int job_id)            /* I - Job ID or 0 for none */
   cupsFilePuts(fp, "(allow default)\n");
   cupsFilePrintf(fp,
                  "(deny file-write* file-read-data file-read-metadata\n"
-                 "  (regex #\"^%s/\"))\n", request);
+                 "  (regex"
+                " #\"^%s$\""           /* RequestRoot */
+                " #\"^%s/\""           /* RequestRoot/... */
+                " #\"^/Users$\""
+                " #\"^/Users/\""
+                "))\n",
+                request, request);
   cupsFilePrintf(fp,
                  "(deny file-write*\n"
-                 "  (regex #\"^%s\" #\"^/private/etc\" #\"^/usr/local/etc\" "
-                "#\"^/Library\" #\"^/System\" #\"^/Users\"))\n", root);
+                 "  (regex"
+                " #\"^%s$\""           /* ServerRoot */
+                " #\"^%s/\""           /* ServerRoot/... */
+                " #\"^/private/etc$\""
+                " #\"^/private/etc/\""
+                " #\"^/usr/local/etc$\""
+                " #\"^/usr/local/etc/\""
+                " #\"^/Library$\""
+                " #\"^/Library/\""
+                " #\"^/System$\""
+                " #\"^/System/\""
+                "))\n",
+                root, root);
   cupsFilePrintf(fp,
                  "(allow file-write* file-read-data file-read-metadata\n"
-                 "  (regex #\"^%s$\" #\"^%s/\" #\"^%s$\" #\"^%s/\""
+                 "  (regex"
+                " #\"^%s$\""           /* TempDir */
+                " #\"^%s/\""           /* TempDir/... */
+                " #\"^%s$\""           /* CacheDir */
+                " #\"^%s/\""           /* CacheDir/... */
+                " #\"^%s/Library$\""   /* RequestRoot/Library */
+                " #\"^%s/Library/\""   /* RequestRoot/Library/... */
                 " #\"^/Library/Application Support/\""
                 " #\"^/Library/Caches/\""
                 " #\"^/Library/Preferences/\""
-                " #\"^/Library/Printers/\""
+                " #\"^/Library/Printers/.*/\""
+                " #\"^/Users/Shared/\""
                 "))\n",
-                temp, temp, cache, cache);
+                temp, temp, cache, cache, request, request);
   cupsFilePuts(fp,
               "(deny file-write*\n"
-              "  (regex #\"^/Library/Printers/PPDs/\""
+              "  (regex"
+              " #\"^/Library/Printers/PPDs$\""
+              " #\"^/Library/Printers/PPDs/\""
+              " #\"^/Library/Printers/PPD Plugins$\""
               " #\"^/Library/Printers/PPD Plugins/\""
               "))\n");
   if (job_id)
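Review bot: The profile now depends on rule order in several places, and nothing in the added strings says so: `/Users` is denied for reads and writes in the first rule and `/Users/Shared/` is re-allowed in the third, `RequestRoot` is denied and `RequestRoot/Library` re-allowed, and `/Library/Printers/.*/` is allowed before the PPD directories are denied again. A comment above the first `cupsFilePrintf`, such as `/* Rules are order-dependent: a later allow/deny overrides an earlier one for the same path. */`, would keep a later edit from reordering them into a wider sandbox; this assumes the profile language gives the later rule precedence, which the existing deny/allow layering implies. `/Users/Shared/` is also typically writable by every local user, so a short note on why filters need read and write access there would help. cupsdCreateProfile begins and continues outside this hunk.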
@@ -185,7 +212,9 @@ cupsdEndProcess(int pid,            /* I - Process ID */
   cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdEndProcess(pid=%d, force=%d)", pid,
                   force);
 
-  if (force)
+  if (!pid)
+    return (0);
+  else if (force)
     return (kill(pid, SIGKILL));
   else
     return (kill(pid, SIGTERM));
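Review bot: The new guard stops `kill(0, ...)`, but a negative `pid` still reaches `kill()`, where it addresses a whole process group (or, for -1, every process the caller is allowed to signal). Since cupsdEndProcess is meant to end a single child, the check is safer as `if (pid <= 0) return (0);`. Whether any caller can actually pass a negative value is not visible from this hunk.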
@@ -295,8 +324,9 @@ cupsdStartProcess(
 
     return (0);
   }
-  else if ((commandinfo.st_mode & (S_ISUID | S_IWOTH)) ||
-           (!RunUser && commandinfo.st_uid))
+  else if (!RunUser &&
+           ((commandinfo.st_mode & (S_ISUID | S_IWGRP | S_IWOTH)) ||
+            commandinfo.st_uid))
   {
     *pid = 0;
 
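Review bot: With the whole test now under `!RunUser`, a program that is setuid or world-writable is accepted whenever RunUser is set, where the old condition rejected it in every configuration. A world- or group-writable program can be replaced by another local account regardless of which user the scheduler runs as, so consider keeping the mode test unconditional: `else if ((commandinfo.st_mode & (S_ISUID | S_IWGRP | S_IWOTH)) || (!RunUser && commandinfo.st_uid))`. If the relaxation is intentional for RunUser setups, a comment stating the reason would help. The stat() call that fills `commandinfo` and the rest of cupsdStartProcess are outside this hunk.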
@@ -488,8 +518,11 @@ cupsdStartProcess(
       * Reset group membership to just the main one we belong to.
       */
 
-      setgid(Group);
-      setgroups(1, &Group);
+      if (setgid(Group) && !RunUser)
+        exit(errno);
+
+      if (setgroups(1, &Group) && !RunUser)
+        exit(errno);
     }
 
    /*
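Review bot: The new failure paths call `exit(errno)`, which in a forked child runs atexit handlers and flushes stdio buffers inherited from the scheduler; `_exit()` avoids both, assuming this branch runs in the child as the surrounding context suggests, e.g. `if (setgid(Group) && !RunUser) _exit(errno);` and the same for `setgroups`. The raw errno value also becomes the exit status, which the parent cannot tell apart from a filter's own exit code, so a message on stderr before exiting would make the failure diagnosable. The setuid() call that presumably follows is outside this hunk and should be checked the same way.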
@@ -505,6 +538,7 @@ cupsdStartProcess(
 #ifdef HAVE_SIGSET
     sigset(SIGTERM, SIG_DFL);
     sigset(SIGCHLD, SIG_DFL);
+    sigset(SIGPIPE, SIG_DFL);
 #elif defined(HAVE_SIGACTION)
     memset(&action, 0, sizeof(action));
 
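Review bot: The reason for resetting SIGPIPE is not stated next to the new line here or in the sigaction and signal branches of the following hunk. If the scheduler ignores SIGPIPE, that disposition would be inherited across exec and child programs would see EPIPE errors instead of being terminated; a comment such as `/* Restore default SIGPIPE handling so children are not started with it ignored */` above the block would record that. The return values of the three new calls are not checked, which matches the existing SIGTERM/SIGCHLD lines.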
@@ -513,9 +547,11 @@ cupsdStartProcess(
 
     sigaction(SIGTERM, &action, NULL);
     sigaction(SIGCHLD, &action, NULL);
+    sigaction(SIGPIPE, &action, NULL);
 #else
     signal(SIGTERM, SIG_DFL);
     signal(SIGCHLD, SIG_DFL);
+    signal(SIGPIPE, SIG_DFL);
 #endif /* HAVE_SIGSET */
 
     cupsdReleaseSignals();