It seems the check for the world-readable permission was added in the latest security update.
"apt-get source cups", then open cups-1.7.2/debian/patches/CVE-2014-3537.patch and look at these lines:
+ /*
+ * Similarly, if the file/directory does not have world read permissions, do
+ * not allow access...
+ */
+
+ if (!status && !(filestats->st_mode & S_IROTH))
+ {
+ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
+ return (NULL);
+ }
That looks familiar.
The permissions of all CUPS files (especially the ones mentioned in the previous comment) should be revised. The world-readable bit may be missing in those files.
Also need to see why the permissions of /etc/cups/cupsd.conf are reverted when they are changed in the GUI and fix that.
It seems the check for the world-readable permission was added in the latest security update.
"apt-get source cups", then open cups-1. 7.2/debian/ patches/ CVE-2014- 3537.patch and look at these lines:
+ /* >st_mode & S_IROTH)) (CUPSD_ LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
+ * Similarly, if the file/directory does not have world read permissions, do
+ * not allow access...
+ */
+
+ if (!status && !(filestats-
+ {
+ cupsdLogMessage
+ return (NULL);
+ }
That looks familiar. cupsd.conf are reverted when they are changed in the GUI and fix that.
The permissions of all CUPS files (especially the ones mentioned in the previous comment) should be revised. The world-readable bit may be missing in those files.
Also need to see why the permissions of /etc/cups/