Le mardi, 27 novembre 2012 15.30:46, Marc Deslauriers a écrit : > FYI, as a security fix for our stable releases in Ubuntu, we plan on > disabling cupsd.conf modification in the web interface entirely. > Attached is the patch we plan on using.
Hi Marc, while testing your patch I noticed it was not masking the "Edit Configuration File" input button in all locales (found in templates/*/admin.tmpl in 1.5.3). Updated patch is attached. Cheers, OdyX
Description: fix privilege escalation by disabling config file editing via the web interface Author: Marc Deslauriers <marc.deslauri...@canonical.com> Forwarded: No Bug: https://www.cups.org/str.php?L4223 Bug-Debian: http://bugs.debian.org/692791 --- a/doc/help/policies.html +++ b/doc/help/policies.html @@ -19,7 +19,7 @@ <P>Policies are stored in the <VAR>cupsd.conf</VAR> file in <A HREF="ref-cupsd-conf.html#Policy"><TT>Policy</TT></A> sections. Each policy has an alphanumeric name that is used to select it. Inside the policy section are one or more <A HREF="ref-cupsd-conf.html#LimitIPP"><TT>Limit</TT></A> subsections which list the operations that are affected by the rules inside it. <A HREF="#LISTING01">Listing 1</A> shows the default operation policy, appropriately called "default", that is shipped with CUPS.</P> -<P>The easiest way to add a policy to the <VAR>cupsd.conf</VAR> file is to use the web interface. Click on the <VAR>Administration</VAR> tab and then the <VAR>Edit Configuration File</VAR> button to edit the current <VAR>cupsd.conf</VAR> file. Click on the <VAR>Save Changes</VAR> button to save the changes and restart the scheduler. If you edit the <VAR>cupsd.conf</VAR> file from the console, make sure to <A HREF="ref-cupsd-conf.html">restart the cupsd process</A> before trying to use the new policy.</P> +<P>If you edit the <VAR>cupsd.conf</VAR> file from the console, make sure to <A HREF="ref-cupsd-conf.html">restart the cupsd process</A> before trying to use the new policy.</P> <PRE CLASS="example"> <EM>Listing 1: <A NAME="LISTING01">Default Operation Policy</A></EM> --- a/templates/admin.tmpl +++ b/templates/admin.tmpl @@ -28,7 +28,6 @@ <H2 CLASS="title">Server</H2> <P> -<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Edit Configuration File"></FORM> <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="View Access Log"></FORM> <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="View Error Log"></FORM> <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="View Page Log"></FORM> --- a/cgi-bin/admin.c +++ b/cgi-bin/admin.c @@ -1900,6 +1900,7 @@ cgiEndHTML(); } +#if 0 /* Disabled to fix CVE-2012-5519 security issue */ else if (cgiGetVariable("SAVECHANGES") && cgiGetVariable("CUPSDCONF")) { /* @@ -2144,6 +2145,7 @@ cgiEndHTML(); } +#endif } --- a/templates/de/admin.tmpl +++ b/templates/de/admin.tmpl @@ -28,7 +28,6 @@ <H2 CLASS="title">Server</H2> <P> -<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Konfigurationsdatei bearbeiten"></FORM> <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Zugriffsprotokoll betrachten"></FORM> <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Fehlerprotokoll betrachten"></FORM> <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Seitenprotokoll betrachten"></FORM> --- a/templates/es/admin.tmpl +++ b/templates/es/admin.tmpl @@ -28,7 +28,6 @@ <H2 CLASS="title">Servidor</H2> <P> -<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Editar archivo configuración"></FORM> <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Ver archivo de registro de accesos"></FORM> <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Ver archivo de registro de errores"></FORM> <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Ver archivo de registro de páginas"></FORM> --- a/templates/eu/admin.tmpl +++ b/templates/eu/admin.tmpl @@ -28,7 +28,6 @@ <H2 CLASS="title">Zerbitzaria</H2> <P> -<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Editatu konfigurazioko fitxategia"></FORM> <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Ikusi atzipenen egunkaria"></FORM> <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Ikusi erroreen egunkaria"></FORM> <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Ikusi orrialdeen egunkaria"></FORM> --- a/templates/fr/admin.tmpl +++ b/templates/fr/admin.tmpl @@ -28,7 +28,6 @@ <H2 CLASS="title">Serveur</H2> <P> -<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Editer le Fichier de Configuration"></FORM> <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Visualiser Access Log"></FORM> <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Visualiser Error Log"></FORM> <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Visualiser Page Log"></FORM> --- a/templates/hu/admin.tmpl +++ b/templates/hu/admin.tmpl @@ -32,7 +32,6 @@ <H2 CLASS="title">Kiszolgáló</H2> <P> -<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Konfigurációs fájl szerkesztése"></FORM> <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Hozzáférési napló megjelenítése"></FORM> <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Hibanapló megjelenítése"></FORM> <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Oldalnapló megjelenítése"></FORM> --- a/templates/id/admin.tmpl +++ b/templates/id/admin.tmpl @@ -28,7 +28,6 @@ <H2 CLASS="title">Server</H2> <P> -<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Sunting Berkas Konfigurasi"></FORM> <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Lihat Log Akses"></FORM> <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Lihat Log Kesalahan"></FORM> <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Lihat Log Halaman"></FORM> --- a/templates/it/admin.tmpl +++ b/templates/it/admin.tmpl @@ -28,7 +28,6 @@ <H2 CLASS="title">Server</H2> <P> -<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Modifica file di configurazione"></FORM> <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Mostra registro degli accessi"></FORM> <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Visualizza registro di errore"></FORM> <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Visualizza registro delle pagine"></FORM> --- a/templates/ja/admin.tmpl +++ b/templates/ja/admin.tmpl @@ -28,7 +28,6 @@ <H2 CLASS="title">サーバー</H2> <P> -<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="設定ファイルの編集"></FORM> <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="アクセスログの表示"></FORM> <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="エラーログの表示"></FORM> <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="ページログの表示"></FORM> --- a/templates/pl/admin.tmpl +++ b/templates/pl/admin.tmpl @@ -28,7 +28,6 @@ <H2 CLASS="title">Serwery</H2> <P> -<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Modyfikowanie pliku konfiguracji"></FORM> <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Przeglądanie dziennika dostępu"></FORM> <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Przeglądanie dziennika błędów"></FORM> <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Przeglądanie dziennika stron"></FORM> --- a/templates/ru/admin.tmpl +++ b/templates/ru/admin.tmpl @@ -28,7 +28,6 @@ <H2 CLASS="title">Сервер</H2> <P> -<FORM ACTION="/admin/" METHOD="POST"><INPUT TYPE="HIDDEN" NAME="org.cups.sid" VALUE="{$org.cups.sid}"><INPUT TYPE="HIDDEN" NAME="OP" VALUE="config-server"><INPUT TYPE="SUBMIT" VALUE="Редактировать конфигурационный файл"></FORM> <FORM ACTION="/admin/log/access_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Показать журнал заданий"></FORM> <FORM ACTION="/admin/log/error_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Показать журнал ошибок"></FORM> <FORM ACTION="/admin/log/page_log" METHOD="GET"><INPUT TYPE="SUBMIT" VALUE="Показать журнал страниц"></FORM>