1. 12 Oct, 2012 4 commits
  2. 10 Oct, 2012 2 commits
    • Vincent Untz's avatar
      Also change supplementary groups when changing effective uid/gid · a397b908
      Vincent Untz authored
      Thanks to Alexander Peslyak <solar@openwall.com> and Sebastian Krahmer
      <krahmer@suse.de> for catching this.
      
      Part of fix for CVE-2012-4510.
      a397b908
    • Vincent Untz's avatar
      Fix a bunch of issues when getting/putting a file from cups · 6995d308
      Vincent Untz authored
      There was basically no check for permissions. Now, we temporarily change
      our effective uid/gid to the one of the user to open the file for
      writing (when getting) or reading (when putting). We then only use
      operations that work on the file descriptor to avoid potential race
      conditions.
      
      Before that, people could:
       - overwrite any file with the content of a cups resource
       - put any file in a cups resource
      
      Part of fix for CVE-2012-4510.
      6995d308
  3. 04 Oct, 2012 1 commit
  4. 03 Oct, 2012 2 commits
  5. 02 Oct, 2012 1 commit
  6. 27 Mar, 2012 2 commits
  7. 16 Mar, 2012 3 commits
  8. 13 Mar, 2012 1 commit
  9. 02 Mar, 2012 6 commits
  10. 22 Feb, 2012 2 commits
  11. 01 Feb, 2012 2 commits
  12. 16 Jan, 2012 1 commit
  13. 20 Dec, 2011 1 commit
  14. 26 Sep, 2011 3 commits
  15. 19 Sep, 2011 3 commits
  16. 25 Jul, 2011 3 commits
  17. 06 Jul, 2011 3 commits