From c7880d63a9fa1a52ac05e820ce7b80ffec9ed3aa Mon Sep 17 00:00:00 2001
From: mike <mike@7a7537e8-13f0-0310-91df-b6672ffda945>
Date: Wed, 31 Aug 2011 02:56:53 +0000
Subject: [PATCH] The scheduler will no longer run programs with group write
 permission.

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@9940 7a7537e8-13f0-0310-91df-b6672ffda945
---
 CHANGES.txt |  3 ++-
 cups/file.c | 18 +++---------------
 2 files changed, 5 insertions(+), 16 deletions(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index 58b9973db4..8bca378935 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,8 +1,9 @@
-CHANGES.txt - 1.6b1 - 2011-08-27
+CHANGES.txt - 1.6b1 - 2011-08-30
 --------------------------------
 
 CHANGES IN CUPS V1.6b1
 
+	- The scheduler will no longer run programs with group write permission.
 	- The PHP module has been removed (STR #3932)
 	- The bannertops, commandtoescpx, commandtopclx, imagetops,
 	  imagetoraster, pdftops, rastertoescpx, rastertopclx, and texttops
diff --git a/cups/file.c b/cups/file.c
index 25b07f21ec..560518ff61 100644
--- a/cups/file.c
+++ b/cups/file.c
@@ -167,19 +167,13 @@ _cupsFileCheck(
   * Verify permission of the file itself:
   *
   * 1. Must be owned by root
-  * 2. Must not be writable by group unless group is root/wheel/admin
+  * 2. Must not be writable by group
   * 3. Must not be setuid
   * 4. Must not be writable by others
   */
 
   if (fileinfo.st_uid ||		/* 1. Must be owned by root */
-#ifdef __APPLE__
-      ((fileinfo.st_mode & S_IWGRP) && fileinfo.st_gid &&
-       fileinfo.st_gid != 80) ||	/* 2. Must not be writable by group */
-#else
-      ((fileinfo.st_mode & S_IWGRP) && fileinfo.st_gid) ||
-					/* 2. Must not be writable by group */
-#endif /* __APPLE__ */
+      (fileinfo.st_mode & S_IWGRP)  ||	/* 2. Must not be writable by group */
       (fileinfo.st_mode & S_ISUID) ||	/* 3. Must not be setuid */
       (fileinfo.st_mode & S_IWOTH))	/* 4. Must not be writable by others */
   {
@@ -218,13 +212,7 @@ _cupsFileCheck(
   }
 
   if (fileinfo.st_uid ||		/* 1. Must be owned by root */
-#ifdef __APPLE__
-      ((fileinfo.st_mode & S_IWGRP) && fileinfo.st_gid &&
-       fileinfo.st_gid != 80) ||	/* 2. Must not be writable by group */
-#else
-      ((fileinfo.st_mode & S_IWGRP) && fileinfo.st_gid) ||
-					/* 2. Must not be writable by group */
-#endif /* __APPLE__ */
+      (fileinfo.st_mode & S_IWGRP) ||	/* 2. Must not be writable by group */
       (fileinfo.st_mode & S_ISUID) ||	/* 3. Must not be setuid */
       (fileinfo.st_mode & S_IWOTH))	/* 4. Must not be writable by others */
   {
-- 
2.47.2