diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2017-03-21 09:27:25 +0100 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2017-06-26 23:31:15 +0200 |
| commit | e250df1a623fd08f8a5afe2d94bd29a35e872725 (patch) | |
| tree | d6d67c193573f1ebe681226edfed747cb5f5451f | |
| parent | f78fb67f4b6a5673e497ba1aeb19568581173909 (diff) | |
Show permission error if ProxyAutoDetect cmd can't be executed
As the proxy commands are not executed as root, a user can run into
permission errors (s)he isn't expecting – as our switching is an
implementation detail – so the error message in that case should really
be better than a generic "error code 100" sending the user in the wrong
direction as that implies the command was executed, but errored out.
Closes: 857885
| -rw-r--r-- | apt-pkg/contrib/proxy.cc | 6 | ||||
| -rwxr-xr-x | test/integration/test-apt-helper | 2 | ||||
| -rwxr-xr-x | test/integration/test-bug-717891-abolute-uris-for-proxies | 5 |
3 files changed, 12 insertions, 1 deletions
diff --git a/apt-pkg/contrib/proxy.cc b/apt-pkg/contrib/proxy.cc index 1b7a92c68..a26ab4fbc 100644 --- a/apt-pkg/contrib/proxy.cc +++ b/apt-pkg/contrib/proxy.cc @@ -13,7 +13,8 @@ #include<apt-pkg/strutl.h> #include<iostream> -#include <unistd.h> +#include<fcntl.h> +#include<unistd.h> #include "proxy.h" /*}}}*/ @@ -41,6 +42,9 @@ bool AutoDetectProxy(URI &URL) if (Debug) std::clog << "Using auto proxy detect command: " << AutoDetectProxyCmd << std::endl; + if (faccessat(AT_FDCWD, AutoDetectProxyCmd.c_str(), R_OK | X_OK, AT_EACCESS) != 0) + return _error->Errno("access", "ProxyAutoDetect command '%s' can not be executed!", AutoDetectProxyCmd.c_str()); + std::string const urlstring = URL; std::vector<const char *> Args; Args.push_back(AutoDetectProxyCmd.c_str()); diff --git a/test/integration/test-apt-helper b/test/integration/test-apt-helper index a936243ec..fda28968f 100755 --- a/test/integration/test-apt-helper +++ b/test/integration/test-apt-helper @@ -94,6 +94,8 @@ test_apt_helper_detect_proxy() { W: ProxyAutoDetect command returned an empty line" apthelper auto-detect-proxy http://example.com/ setupproxydetect 'http' 'echo DIRECT' testsuccessequal "Using proxy 'DIRECT' for URL 'http://example.com/'" apthelper auto-detect-proxy http://example.com/ + chmod -x "${TMPWORKINGDIRECTORY}/apt-proxy-detect" + testfailureequal "E: ProxyAutoDetect command '${TMPWORKINGDIRECTORY}/apt-proxy-detect' can not be executed! - access (13: Permission denied)" apthelper auto-detect-proxy http://example.com/ msgmsg "apt-helper $CONFNAME" 'http proxy' setupproxydetect 'http' 'echo "http://some-proxy"' diff --git a/test/integration/test-bug-717891-abolute-uris-for-proxies b/test/integration/test-bug-717891-abolute-uris-for-proxies index 323322283..5f1b7546c 100755 --- a/test/integration/test-bug-717891-abolute-uris-for-proxies +++ b/test/integration/test-bug-717891-abolute-uris-for-proxies @@ -46,3 +46,8 @@ The following NEW packages will be installed: 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Inst unrelated (0.5~squeeze1 unstable [all]) Conf unrelated (0.5~squeeze1 unstable [all])' aptget install unrelated -s + +chmod 444 "${TMPWORKINGDIRECTORY}/apt-proxy-detect" +msgtest 'Check that non-executable proxy commands result in' 'permission error' +testfailure --nomsg aptget update +testsuccess grep 'can not be executed' rootdir/tmp/testfailure.output |