]> git.ipfire.org Git - thirdparty/cups.git/blobdiff - scheduler/job.c
projects / thirdparty / cups.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix local privilege escalation to root and sandbox bypasses in scheduler
[thirdparty/cups.git] / scheduler / job.c
diff --git a/scheduler/job.c b/scheduler/job.c
index 86e75e65ce9bd366f2d60b87538cf05fe61d0025..ed8267d5d94b66b6768232d3fbe6754f2481e8ca 100644 (file)
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -1,7 +1,7 @@
 /*
  * Job management routines for the CUPS scheduler.
  *
- * Copyright 2007-2017 by Apple Inc.
+ * Copyright 2007-2018 by Apple Inc.
  * Copyright 1997-2007 by Easy Software Products, all rights reserved.
  *
  * These coded instructions, statements, and computer programs are the
@@ -4774,6 +4774,18 @@ start_job(cupsd_job_t     *job,          /* I - Job ID */
   job->profile  = cupsdCreateProfile(job->id, 0);
   job->bprofile = cupsdCreateProfile(job->id, 1);
 
+#ifdef HAVE_SANDBOX_H
+  if ((!job->profile || !job->bprofile) && UseSandboxing && Sandboxing != CUPSD_SANDBOXING_OFF)
+  {
+   /*
+    * Failure to create the sandbox profile means something really bad has
+    * happened and we need to shutdown immediately.
+    */
+
+    return;
+  }
+#endif /* HAVE_SANDBOX_H */
+
  /*
   * Create the status pipes and buffer...
   */
Unnamed repository; edit this file 'description' to name the repository.