Sanitize device URI in argv and use environment for auth info #933
Jim Lovell (Apple) suggests that we put the sanitized device URI in argv and only pass the full URI in the DEVICE_URI environment variable.
Apparently, the environment of processes owned by other users is not visible/accessible (at least not for Linux, OSX, IRIX, and Solaris), so the auth info won't be exposed.
We'll need to change the IPP backend to use DEVICE_URI, change StartJob() to use the sani_uri for argv, and submit a patch for smbspool to the SAMBA project.
The text was updated successfully, but these errors were encountered:
RCS file: /development/cvs/cups/scheduler/ipp.c,v
for (i = 0; i < envc; i ++)
@@ -2013,7 +2018,7 @@
filterfds[slot] = -1;
RCS file: /development/cvs/cups/scheduler/printers.c,v
+extern char *cupsdSanitizeURI(const char *uri, char *buffer,