|
|
63b906b |
diff -up cups-1.7.0/cups/usersys.c.str4327 cups-1.7.0/cups/usersys.c
|
|
|
63b906b |
--- cups-1.7.0/cups/usersys.c.str4327 2013-07-10 15:08:39.000000000 +0100
|
|
|
63b906b |
+++ cups-1.7.0/cups/usersys.c 2014-01-08 16:30:40.443026913 +0000
|
|
|
63b906b |
@@ -875,7 +875,25 @@ _cupsSetDefaults(void)
|
|
|
63b906b |
cups_expiredcerts = getenv("CUPS_EXPIREDCERTS");
|
|
|
63b906b |
|
|
|
63b906b |
if ((cups_user = getenv("CUPS_USER")) == NULL)
|
|
|
63b906b |
- cups_user = getenv("USER");
|
|
|
63b906b |
+ {
|
|
|
63b906b |
+ /*
|
|
|
63b906b |
+ * Try the USER environment variable...
|
|
|
63b906b |
+ */
|
|
|
63b906b |
+
|
|
|
63b906b |
+ if ((cups_user = getenv("USER")) != NULL)
|
|
|
63b906b |
+ {
|
|
|
63b906b |
+ /*
|
|
|
63b906b |
+ * Validate USER matches the current UID, otherwise don't allow it to
|
|
|
63b906b |
+ * override things... This makes sure that printing after doing su or
|
|
|
63b906b |
+ * sudo records the correct username.
|
|
|
63b906b |
+ */
|
|
|
63b906b |
+
|
|
|
63b906b |
+ struct passwd *pw; /* Account information */
|
|
|
63b906b |
+
|
|
|
63b906b |
+ if ((pw = getpwnam(cups_user)) == NULL || pw->pw_uid != getuid())
|
|
|
63b906b |
+ cups_user = NULL;
|
|
|
63b906b |
+ }
|
|
|
63b906b |
+ }
|
|
|
63b906b |
|
|
|
63b906b |
/*
|
|
|
63b906b |
* Then, if needed, read the ~/.cups/client.conf or /etc/cups/client.conf
|