http://bugzilla.novell.com/show_bug.cgi?id=588679 http://bugzilla.novell.com/show_bug.cgi?id=588679#c5 --- Comment #5 from Johannes Meixner <jsmeix@novell.com> 2010-03-17 08:29:56 UTC --- The now obsolete implementations of Printerlib::WriteClientSettings and Printerlib::WriteCupsSettings --------------------------------------------------------------------------- global boolean WriteCupsSettings(map ay){ string cups_file="/etc/cups/cupsd.conf"; y2milestone("Create backup of %1 file:%2", cups_file, SCR::Execute(.target.bash, sformat("mv %1 %1.$(date -I)", cups_file))); SCR::Write(.cups.server, ay); return true; } --------------------------------------------------------------------------- are broken because: - Those functions call /bin/mv to "Create backup" (of course without any error check afterwards) but if the subsequent SCR::Write fails, there might be no longer a /etc/cups/cupsd.conf file because it was moved away (to make a backup "cp -p ..." is a correct way) and - if the subsequent SCR::Write is succesful, it runs the Perl script in agents/ag_cups but I don't see any kind of owner/group and permission settings in agents/ag_cups. It just blindly writes a /etc/cups/cupsd.conf file with whatever unpredictable owner/group and permissions of the user who currently runs it. Usually owner/group is root/root which is wong because for /etc/cups/cupsd.conf it should be root/lp and the permissions are usually -rw-r--r-- (depending on the umask of the user who currently runs it) which is totally wrong. It should be -rw-r----- because world-wide read permissions for whatever passwords therein (in particular a possible BrowseLDAPPassword value) is even a security bug! Therefore I will remove Printerlib::WriteClientSettings and Printerlib::WriteCupsSettings and all those stuff in the agents/ sub-directory. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.