http://bugzilla.novell.com/show_bug.cgi?id=588679
http://bugzilla.novell.com/show_bug.cgi?id=588679#c5
--- Comment #5 from Johannes Meixner 2010-03-17 08:29:56 UTC ---
The now obsolete implementations of Printerlib::WriteClientSettings
and Printerlib::WriteCupsSettings
---------------------------------------------------------------------------
global boolean WriteCupsSettings(map ay){
string cups_file="/etc/cups/cupsd.conf";
y2milestone("Create backup of %1 file:%2", cups_file,
SCR::Execute(.target.bash, sformat("mv %1 %1.$(date -I)", cups_file)));
SCR::Write(.cups.server, ay);
return true;
}
---------------------------------------------------------------------------
are broken because:
- Those functions call /bin/mv to "Create backup"
(of course without any error check afterwards)
but if the subsequent SCR::Write fails, there might be
no longer a /etc/cups/cupsd.conf file because it was moved away
(to make a backup "cp -p ..." is a correct way)
and
- if the subsequent SCR::Write is succesful, it runs
the Perl script in agents/ag_cups but I don't see any kind
of owner/group and permission settings in agents/ag_cups.
It just blindly writes a /etc/cups/cupsd.conf file
with whatever unpredictable owner/group and permissions
of the user who currently runs it. Usually owner/group
is root/root which is wong because for /etc/cups/cupsd.conf
it should be root/lp and the permissions are usually -rw-r--r--
(depending on the umask of the user who currently runs it)
which is totally wrong. It should be -rw-r----- because
world-wide read permissions for whatever passwords therein
(in particular a possible BrowseLDAPPassword value) is
even a security bug!
Therefore I will remove Printerlib::WriteClientSettings
and Printerlib::WriteCupsSettings and all those stuff
in the agents/ sub-directory.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.