It seems the check for the world-readable permission was added in the
latest security update.
"apt-get source cups", then open
cups-1.7.2/debian/patches/CVE-2014-3537.patch and look at these lines:
+ /*
+ * Similarly, if the file/directory does not have world read permissions, do
+ * not allow access...
+ */
+
+ if (!status && !(filestats->st_mode & S_IROTH))
+ {
+ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as
\"%s\" must be world-readable.", con->http.fd, filename);
+ return (NULL);
+ }
That looks familiar.
The permissions of all CUPS files (especially the ones mentioned in the
previous comment) should be revised. The world-readable bit may be missing in
those files.
Also need to see why the permissions of /etc/cups/cupsd.conf are reverted when
they are changed in the GUI and fix that.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3537
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1349387
Title:
server settings are inaccessible
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1349387/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
