git: 0932ae6b9977 - stable/14 - lpd: Tighten permissions on /var/run/printer
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 24 Feb 2025 18:17:05 UTC
The branch stable/14 has been updated by emaste:
URL: https://cgit.FreeBSD.org/src/commit/?id=0932ae6b99779a4da1c8032f6622e46750786181
commit 0932ae6b99779a4da1c8032f6622e46750786181
Author: Stanislav Shalunov <shalunov@att.com>
AuthorDate: 2024-10-11 15:49:02 +0000
Commit: Ed Maste <emaste@FreeBSD.org>
CommitDate: 2025-02-24 18:11:34 +0000
lpd: Tighten permissions on /var/run/printer
Exclude group read/write permissions as well. Otherwise, group wheel can
submit things w/o the normal accounting. While group wheel is generally
trusted on the machine, submitting jobs w/o checks is not one of the
functions we document for that group.
PR: 17289
Differential Revision: https://reviews.freebsd.org/D47040
(cherry picked from commit 6cde8f3ef7cd060be39d78055eaf982b06b19a3b)
---
usr.sbin/lpr/lpd/lpd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr.sbin/lpr/lpd/lpd.c b/usr.sbin/lpr/lpd/lpd.c
index 19456c9406df..c9a7e1615b74 100644
--- a/usr.sbin/lpr/lpd/lpd.c
+++ b/usr.sbin/lpr/lpd/lpd.c
@@ -326,7 +326,7 @@ main(int argc, char **argv)
sigaddset(&nmask, SIGTERM);
sigprocmask(SIG_BLOCK, &nmask, &omask);
- (void) umask(07);
+ (void) umask(077);
signal(SIGHUP, mcleanup);
signal(SIGINT, mcleanup);
signal(SIGQUIT, mcleanup);