touch-packages team mailing list archive

Thread
Date
[Bug 1349387] Re: server settings are inaccessible

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Bruno Nova <1349387@xxxxxxxxxxxxxxxxxx>
Date: Fri, 22 Aug 2014 14:15:52 -0000
Reply-to: Bug 1349387 <1349387@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
It seems the check for the world-readable permission was added in the
latest security update.

"apt-get source cups", then open
cups-1.7.2/debian/patches/CVE-2014-3537.patch and look at these lines:

+ /*
+  * Similarly, if the file/directory does not have world read permissions, do
+  * not allow access...
+  */
+
+  if (!status && !(filestats->st_mode & S_IROTH))
+  {
+    cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
+    return (NULL);
+  }

That looks familiar.
The permissions of all CUPS files (especially the ones mentioned in the previous comment) should be revised. The world-readable bit may be missing in those files.
Also need to see why the permissions of /etc/cups/cupsd.conf are reverted when they are changed in the GUI and fix that.

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3537

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1349387

Title:
  server settings are inaccessible

Status in “cups” package in Ubuntu:
  Confirmed
Status in “system-config-printer” package in Ubuntu:
  Confirmed

Bug description:
  When trying to access server settings  via gnome gui in trusty I get a
  cups server error: "There was an HTTP error: Not found."

  Adding/removing printers with the gui works fine. The server settings
  are accessible via a web browser and the web interface.

  system-config-printer --debug (when calling the settings menu entry):
  Connected as user kiran
  Authentication pass: 1
  Authentication: password callback set
  PolicyKit call to FileGet did not work: dbus.String(u'Not Found')
  Authentication pass: 2
  Forbidden: False
  Authentication: Try as root
  Connected as user root
  Authentication pass: 3
  Forbidden: False
  Authentication: giving up

  cups access.log:
  localhost - - [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 401 0 - -
  localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 404 0 - -
  localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 404 0 - -
  localhost - - [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 401 0 - -
  localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 404 0 - -
  localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 404 0 - -
  localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 404 0 - -
  localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 404 0 - -

  cups error.log:
  D [28/Jul/2014:13:41:22 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:22 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:22 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:22 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:22 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:22 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 16] No authentication data provided.
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username=""
  D [28/Jul/2014:13:41:23 +0200] [Client 16] WWW-Authenticate: Basic realm="CUPS", trc="y"
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Authorized as root using PeerCred
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
  I [28/Jul/2014:13:41:23 +0200] [Client 16] Files/directories such as "/etc/cups/cupsd.conf" must be world-readable.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing because Keep-Alive disabled
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Authorized as root using PeerCred
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
  I [28/Jul/2014:13:41:23 +0200] [Client 16] Files/directories such as "/etc/cups/cupsd.conf" must be world-readable.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing because Keep-Alive disabled
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 15] No authentication data provided.
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username=""
  D [28/Jul/2014:13:41:23 +0200] [Client 15] WWW-Authenticate: Basic realm="CUPS", trc="y"
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Authorized as root using Local
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
  I [28/Jul/2014:13:41:23 +0200] [Client 15] Files/directories such as "/etc/cups/cupsd.conf" must be world-readable.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing because Keep-Alive disabled
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Authorized as root using PeerCred
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
  I [28/Jul/2014:13:41:23 +0200] [Client 16] Files/directories such as "/etc/cups/cupsd.conf" must be world-readable.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing because Keep-Alive disabled
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Authorized as root using PeerCred
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
  I [28/Jul/2014:13:41:23 +0200] [Client 15] Files/directories such as "/etc/cups/cupsd.conf" must be world-readable.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing because Keep-Alive disabled
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Authorized as root using Local
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
  I [28/Jul/2014:13:41:23 +0200] [Client 16] Files/directories such as "/etc/cups/cupsd.conf" must be world-readable.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing because Keep-Alive disabled
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:24 +0200] cupsd is not idle any more, canceling shutdown.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1349387/+subscriptions