diff options
| author | Gerald Carter <jerry@samba.org> | 2004-04-29 07:21:25 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:51:21 -0500 |
| commit | 52df0905cdb68c0b83f64ccca39d377254e371cc (patch) | |
| tree | 328a1380bda7f9fc4bebe0c8b63bd22d4ecf6e0f /examples/printing | |
| parent | 8106d8097258eae260ed834399881bf0be9b515b (diff) | |
| download | samba-52df0905cdb68c0b83f64ccca39d377254e371cc.tar.gz samba-52df0905cdb68c0b83f64ccca39d377254e371cc.tar.xz samba-52df0905cdb68c0b83f64ccca39d377254e371cc.zip | |
r397: BUG 1199: check logfile before writing debug output
Diffstat (limited to 'examples/printing')
| -rwxr-xr-x | examples/printing/smbprint | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/examples/printing/smbprint b/examples/printing/smbprint index 61ee41f4440..e2bbdc2f16e 100755 --- a/examples/printing/smbprint +++ b/examples/printing/smbprint @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # This script is an input filter for printcap printing on a unix machine. It # uses the smbclient program to print the file to the specified smb-based @@ -102,7 +102,33 @@ if [ $TRANS -eq 1 ]; then command="translate;$command"; fi -debugfile="/tmp/smb-print.log" +## +## Some security checks on the logfile if we are using it +## +## make the directory containing the logfile is necessary +## and set the permissions to be rwx for owner only +## + +debugfile="/tmp/smb-print/logfile" +logdir=`dirname $debugfile` +if [ ! -d $logdir ]; then + mkdir -m 0700 $logdir +fi + +## +## check ownership. If I don't own it refuse to +## create the logfile +## +if [ ! -O $logdir ]; then + echo "user running script does not own $logdir. Ignoring any debug options." + debug="" +fi + +## +## We should be safe at this point to create the log file +## without fear of a symlink attack -- move on to more script work. +## + if [ "x$debug" = "x" ] ; then debugfile=/dev/null debugargs= else |