diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2016-11-09 19:15:01 +0100 |
|---|---|---|
| committer | Julian Andres Klode <jak@debian.org> | 2017-02-22 18:11:43 +0100 |
| commit | ba6c85665c06a8151f13469811365b71842b5fc4 (patch) | |
| tree | 86dd3476b001633b4fe647525d970b56a6b64eaf | |
| parent | 2a6d2e9c0781a0a7bb5d2aad7b8bdbee315d4461 (diff) | |
reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges
We can't cleanup the environment like e.g. sudo would do as you usually
want the environment to "leak" into these helpers, but some variables
like HOME should really not have still the value of the root user – it
could confuse the helpers (USER) and HOME isn't accessible anyhow.
Closes: 842877
(cherry picked from commit 34b491e735ad47c4805e63f3b83a659b8d10262b)
(cherry picked from commit cc5919076ba1c2dab773a6c06cb3dd5497f0c656)
| -rw-r--r-- | apt-pkg/contrib/fileutl.cc | 20 | ||||
| -rw-r--r-- | debian/tests/run-tests | 2 | ||||
| -rw-r--r-- | test/integration/framework | 6 | ||||
| -rwxr-xr-x | test/integration/skip-apt-dropprivs | 32 | ||||
| -rw-r--r-- | test/interactive-helper/aptdropprivs.cc | 27 | ||||
| -rw-r--r-- | test/interactive-helper/makefile | 6 |
6 files changed, 89 insertions, 4 deletions
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index fbf077841..e18fa7cf3 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -2992,6 +2992,26 @@ bool DropPrivileges() /*{{{*/ return _error->Error("Could restore a uid to root, privilege dropping did not work"); } + if (_config->FindB("APT::Sandbox::ResetEnvironment", true)) + { + setenv("HOME", pw->pw_dir, 1); + setenv("USER", pw->pw_name, 1); + setenv("USERNAME", pw->pw_name, 1); + setenv("LOGNAME", pw->pw_name, 1); + auto const shell = flNotDir(pw->pw_shell); + if (shell == "false" || shell == "nologin") + setenv("SHELL", "/bin/sh", 1); + else + setenv("SHELL", pw->pw_shell, 1); + auto const tmpdir = getenv("TMPDIR"); + if (tmpdir != nullptr) + { + auto const ourtmpdir = GetTempDir(); + if (ourtmpdir != tmpdir) + setenv("TMPDIR", ourtmpdir.c_str(), 1); + } + } + return true; } /*}}}*/ diff --git a/debian/tests/run-tests b/debian/tests/run-tests index f858adf5f..90179d0b4 100644 --- a/debian/tests/run-tests +++ b/debian/tests/run-tests @@ -12,7 +12,7 @@ make -C test/interactive-helper/ # the host env does not pollute our environment env -i \ APT_INTEGRATION_TESTS_SOURCE_DIR=$(pwd) \ -APT_INTEGRATION_TESTS_WEBSERVER_BIN_DIR=$(pwd)/build/bin \ +APT_INTEGRATION_TESTS_HELPERS_BIN_DIR=$(pwd)/build/bin \ APT_INTEGRATION_TESTS_METHODS_DIR=/usr/lib/apt/methods \ APT_INTEGRATION_TESTS_LIBEXEC_DIR=/usr/lib/apt/ \ APT_INTEGRATION_TESTS_INTERNAL_SOLVER=/usr/lib/apt/solvers/apt \ diff --git a/test/integration/framework b/test/integration/framework index 7fdf21bed..83fb915cf 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -186,7 +186,7 @@ aptmark() { runapt apt-mark "$@"; } aptsortpkgs() { runapt apt-sortpkgs "$@"; } apt() { runapt apt "$@"; } apthelper() { runapt "${APTHELPERBINDIR}/apt-helper" "$@"; } -aptwebserver() { runapt "${APTWEBSERVERBINDIR}/aptwebserver" "$@"; } +aptwebserver() { runapt "${APTTESTHELPERSBINDIR}/aptwebserver" "$@"; } aptitude() { runapt aptitude "$@"; } aptextracttemplates() { runapt apt-extracttemplates "$@"; } aptinternalsolver() { runapt "${APTINTERNALSOLVER}" "$@"; } @@ -280,7 +280,7 @@ setupenvironment() { LIBRARYPATH="${APT_INTEGRATION_TESTS_LIBRARY_PATH:-"${BUILDDIRECTORY}"}" METHODSDIR="${APT_INTEGRATION_TESTS_METHODS_DIR:-"${BUILDDIRECTORY}/methods"}" APTHELPERBINDIR="${APT_INTEGRATION_TESTS_LIBEXEC_DIR:-"${BUILDDIRECTORY}"}" - APTWEBSERVERBINDIR="${APT_INTEGRATION_TESTS_WEBSERVER_BIN_DIR:-"${BUILDDIRECTORY}"}" + APTTESTHELPERSBINDIR="${APT_INTEGRATION_TESTS_HELPERS_BIN_DIR:-"${BUILDDIRECTORY}"}" APTINTERNALSOLVER="${APT_INTEGRATION_TESTS_INTERNAL_SOLVER:-"${BUILDDIRECTORY}/apt-internal-solver"}" APTDUMPSOLVER="${APT_INTEGRATION_TESTS_DUMP_SOLVER:-"${BUILDDIRECTORY}/apt-dump-solver"}" test -x "${BUILDDIRECTORY}/apt-get" || msgdie "You need to build tree first" @@ -1212,7 +1212,7 @@ changetowebserver() { else shift fi - if test -x "${APTWEBSERVERBINDIR}/aptwebserver"; then + if test -x "${APTTESTHELPERSBINDIR}/aptwebserver"; then cd aptarchive local LOG="webserver.log" if ! aptwebserver --port 0 -o aptwebserver::fork=1 -o aptwebserver::portfile='aptwebserver.port' "$@" >$LOG 2>&1 ; then diff --git a/test/integration/skip-apt-dropprivs b/test/integration/skip-apt-dropprivs new file mode 100755 index 000000000..e0dd741cd --- /dev/null +++ b/test/integration/skip-apt-dropprivs @@ -0,0 +1,32 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture 'amd64' + +aptdropprivs() { runapt "${APTTESTHELPERSBINDIR}/aptdropprivs" "$@"; } + +testsuccess aptdropprivs -- /bin/true +testsuccess aptdropprivs --user "$USER" -- /bin/true +testsuccess aptdropprivs --user 'nobody' -- /bin/true +testsuccess aptdropprivs --user '_apt' -- /bin/true + +IDBIN='/usr/bin/id' +testsuccessequal "$("$IDBIN")" aptdropprivs --user "$USER" -- "$IDBIN" + +SUDOBIN='/usr/bin/sudo' +testequal "sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?" aptdropprivs --user 'nobody' -- "$SUDOBIN" "$IDBIN" + +if [ "$(id -u)" = '0' ]; then + testsuccessequal '_apt' aptdropprivs --user '_apt' -- "$IDBIN" '-un' + testsuccess aptdropprivs --user '_apt' -- '/bin/sh' '-c' 'export' + cp rootdir/tmp/testsuccess.output apt.env + testsuccessequal "export HOME='/nonexistent'" grep '^export HOME' apt.env + testsuccessequal "export USER='_apt' +export USERNAME='_apt'" grep '^export USER' apt.env + testsuccessequal "export LOGNAME='_apt'" grep '^export LOGNAME' apt.env + testsuccessequal "export SHELL='/bin/sh'" grep '^export SHELL=' apt.env +fi diff --git a/test/interactive-helper/aptdropprivs.cc b/test/interactive-helper/aptdropprivs.cc new file mode 100644 index 000000000..1cc04f36a --- /dev/null +++ b/test/interactive-helper/aptdropprivs.cc @@ -0,0 +1,27 @@ +#include <config.h> + +#include <apt-pkg/cmndline.h> +#include <apt-pkg/configuration.h> +#include <apt-pkg/error.h> +#include <apt-pkg/fileutl.h> + +#include <unistd.h> + +int main(int const argc, const char * argv[]) +{ + CommandLine::Args Args[] = { + {'c',"config-file",0,CommandLine::ConfigFile}, + {'o',"option",0,CommandLine::ArbItem}, + {0, "user", "APT::Sandbox::User", CommandLine::HasArg}, + {0,0,0,0} + }; + + CommandLine CmdL(Args, _config); + if(CmdL.Parse(argc,argv) == false || DropPrivileges() == false) + { + _error->DumpErrors(std::cerr, GlobalError::DEBUG); + return 42; + } + + return execv(CmdL.FileList[0], const_cast<char**>(CmdL.FileList)); +} diff --git a/test/interactive-helper/makefile b/test/interactive-helper/makefile index 096767c41..450308ca7 100644 --- a/test/interactive-helper/makefile +++ b/test/interactive-helper/makefile @@ -51,3 +51,9 @@ SLIBS = -lapt-pkg -lpthread LIB_MAKES = apt-pkg/makefile SOURCE = aptwebserver.cc include $(PROGRAM_H) + +# Program for testing privileges +PROGRAM=aptdropprivs +SLIBS = -lapt-pkg +SOURCE = aptdropprivs.cc +include $(PROGRAM_H) |