diff options
| author | Gerald Carter <jerry@samba.org> | 2004-04-29 07:21:25 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:51:21 -0500 |
| commit | b8f32d608fb68bd3339daba8fe93724f8f70a8ab (patch) | |
| tree | 5555d1ea8c2386433e9b684e15d8e2a73b7f194a | |
| parent | ce55cf1b825ce1d76310aff6829eafc8defe53ad (diff) | |
| download | samba-b8f32d608fb68bd3339daba8fe93724f8f70a8ab.tar.gz samba-b8f32d608fb68bd3339daba8fe93724f8f70a8ab.tar.bz2 samba-b8f32d608fb68bd3339daba8fe93724f8f70a8ab.zip | |
r397: BUG 1199: check logfile before writing debug output
(This used to be commit 52df0905cdb68c0b83f64ccca39d377254e371cc)
| -rwxr-xr-x | examples/printing/smbprint | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/examples/printing/smbprint b/examples/printing/smbprint index 61ee41f444..e2bbdc2f16 100755 --- a/examples/printing/smbprint +++ b/examples/printing/smbprint @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash # This script is an input filter for printcap printing on a unix machine. It # uses the smbclient program to print the file to the specified smb-based @@ -102,7 +102,33 @@ if [ $TRANS -eq 1 ]; then command="translate;$command"; fi -debugfile="/tmp/smb-print.log" +## +## Some security checks on the logfile if we are using it +## +## make the directory containing the logfile is necessary +## and set the permissions to be rwx for owner only +## + +debugfile="/tmp/smb-print/logfile" +logdir=`dirname $debugfile` +if [ ! -d $logdir ]; then + mkdir -m 0700 $logdir +fi + +## +## check ownership. If I don't own it refuse to +## create the logfile +## +if [ ! -O $logdir ]; then + echo "user running script does not own $logdir. Ignoring any debug options." + debug="" +fi + +## +## We should be safe at this point to create the log file +## without fear of a symlink attack -- move on to more script work. +## + if [ "x$debug" = "x" ] ; then debugfile=/dev/null debugargs= else |