diff options
author | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2014-06-24 16:02:51 +0000 |
---|---|---|
committer | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2014-06-24 16:02:51 +0000 |
commit | 6e4925fbe63edc68e0e9aaf443b00ef949d32950 (patch) | |
tree | 338ad4d6d031d49269c55bf382595639194fb12c /scheduler/process.c | |
parent | 99328a65fc234ba3478252b53d31fac720ac5da9 (diff) |
One quick fix to prevent write access to the CUPS spool directory.
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11943 a1ca3aef-8c08-0410-bb20-df032aa958be
Diffstat (limited to 'scheduler/process.c')
-rw-r--r-- | scheduler/process.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/scheduler/process.c b/scheduler/process.c index b25ac5674..a036dfa07 100644 --- a/scheduler/process.c +++ b/scheduler/process.c @@ -290,6 +290,10 @@ cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */ "))\n", testroot); } + cupsFilePrintf(fp, + "(deny file-write* file-read-data file-read-metadata\n" + " (regex #\"^%s$\" #\"^%s/\"))\n", + request, request); if (job_id) { /* Allow job filters to read the current job files... */ |