git: 6cde8f3ef7cd - main - lpd: Tighten permissions on /var/run/printer
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 11 Oct 2024 15:55:32 UTC
The branch main has been updated by imp:
URL: https://cgit.FreeBSD.org/src/commit/?id=6cde8f3ef7cd060be39d78055eaf982b06b19a3b
commit 6cde8f3ef7cd060be39d78055eaf982b06b19a3b
Author: Stanislav Shalunov <shalunov@att.com>
AuthorDate: 2024-10-11 15:49:02 +0000
Commit: Warner Losh <imp@FreeBSD.org>
CommitDate: 2024-10-11 15:50:08 +0000
lpd: Tighten permissions on /var/run/printer
Exclude group read/write permissions as well. Otherwise, group wheel can
submit things w/o the normal accounting. While group wheel is generally
trusted on the machine, submitting jobs w/o checks is not one of the
functions we document for that group.
PR: 17289
Differential Revision: https://reviews.freebsd.org/D47040
---
usr.sbin/lpr/lpd/lpd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr.sbin/lpr/lpd/lpd.c b/usr.sbin/lpr/lpd/lpd.c
index b78077dfa225..089b8fedc2d5 100644
--- a/usr.sbin/lpr/lpd/lpd.c
+++ b/usr.sbin/lpr/lpd/lpd.c
@@ -314,7 +314,7 @@ main(int argc, char **argv)
sigaddset(&nmask, SIGTERM);
sigprocmask(SIG_BLOCK, &nmask, &omask);
- (void) umask(07);
+ (void) umask(077);
signal(SIGHUP, mcleanup);
signal(SIGINT, mcleanup);
signal(SIGQUIT, mcleanup);