2021-12-05 16:55:11 +00:00
|
|
|
--- cups-2.4.0/scheduler/cups-exec.c 2021-11-29 16:19:34.235186064 +0100
|
|
|
|
|
+++ cups-2.4.0/scheduler/cups-exec.c.new 2021-11-29 16:25:30.764049649 +0100
|
|
|
|
|
@@ -134,9 +134,14 @@ main(int argc, /* I - Number of command-line args */
|
|
|
|
|
# if CUPS_SNAP
|
|
|
|
|
if (setgroups(0, NULL))
|
|
|
|
|
# else
|
2018-01-31 06:35:15 +00:00
|
|
|
- if (setgroups(1, &gid))
|
2021-12-05 16:55:11 +00:00
|
|
|
-# endif /* CUPS_SNAP */
|
2018-01-31 06:35:15 +00:00
|
|
|
+#include <pwd.h>
|
|
|
|
|
+ struct passwd * pwd = getpwuid(uid);
|
|
|
|
|
+ if(initgroups(pwd->pw_name,pwd->pw_gid))
|
|
|
|
|
+ {
|
|
|
|
|
+ fprintf(stderr, "DEBUG: initgroups failed\n");
|
|
|
|
|
exit(errno + 100);
|
|
|
|
|
+ }
|
2021-12-05 16:55:11 +00:00
|
|
|
+# endif /* CUPS_SNAP */
|
2018-01-31 06:35:15 +00:00
|
|
|
|
|
|
|
|
if (uid && setuid(uid))
|
|
|
|
|
exit(errno + 100);
|
2021-12-05 16:55:11 +00:00
|
|
|
--- cups-2.4.0/scheduler/util.c 2021-11-29 15:27:31.000000000 +0100
|
|
|
|
|
+++ cups-2.4.0/scheduler/util.c.new 2021-11-29 16:29:58.810719066 +0100
|
|
|
|
|
@@ -296,7 +296,16 @@
|
2018-01-31 06:35:15 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
if (!getuid() && user)
|
|
|
|
|
- setuid(user); /* Run as restricted user */
|
|
|
|
|
+ {
|
|
|
|
|
+#include <pwd.h>
|
|
|
|
|
+ struct passwd * pwd = getpwuid(user);
|
|
|
|
|
+ if(initgroups(pwd->pw_name,pwd->pw_gid))
|
|
|
|
|
+ {
|
|
|
|
|
+ fprintf(stderr, "DEBUG: initgroups failed\n");
|
|
|
|
|
+ exit(errno + 100);
|
|
|
|
|
+ }
|
|
|
|
|
+ setuid(user); /* Run as restricted user */
|
|
|
|
|
+ }
|
|
|
|
|
|
|
|
|
|
if ((fd = open("/dev/null", O_RDONLY)) > 0)
|
|
|
|
|
{
|
