diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2014-11-14 18:01:09 +0100 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2014-11-18 02:41:20 +0100 |
| commit | 8fe964f148344b8a55252fe52b6292a4ab86ea98 (patch) | |
| tree | 26c16373683528aec01f95dabe0bf6cbd356747e | |
| parent | 1b671a9ba2e42e43f4cb1be86dc052823cf6961f (diff) | |
create our cache and lib directory always with mode 755
We autocreate for a while now the last two directories in /var/lib/apt/lists
(similar for /var/cache/apt/archives) which is very nice for systems having
any of those on tmpfs or other non-persistent storage. This also means
though that this creation is effected by the default umask, so for
people with aggressive umasks like 027 the directories will be created
with 750, which means all non-root users are left out, which is usually
exactly what we want then this umask is set, but the cache and lib
directories contain public knowledge. There isn't any need to protect
them from viewers and they render apt completely useless if not
readable.
| -rw-r--r-- | apt-pkg/acquire.cc | 7 | ||||
| -rw-r--r-- | apt-pkg/cdrom.cc | 7 | ||||
| -rw-r--r-- | test/integration/framework | 24 | ||||
| -rwxr-xr-x | test/integration/test-apt-cdrom | 1 | ||||
| -rwxr-xr-x | test/integration/test-apt-update-transactions | 6 |
5 files changed, 33 insertions, 12 deletions
diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc index 07c4646f5..0c815c005 100644 --- a/apt-pkg/acquire.cc +++ b/apt-pkg/acquire.cc @@ -92,8 +92,11 @@ void pkgAcquire::Initialize() static bool SetupAPTPartialDirectory(std::string const &grand, std::string const &parent) { std::string const partial = parent + "partial"; - if (CreateAPTDirectoryIfNeeded(grand, partial) == false && - CreateAPTDirectoryIfNeeded(parent, partial) == false) + mode_t const mode = umask(S_IWGRP | S_IWOTH); + bool const creation_fail = (CreateAPTDirectoryIfNeeded(grand, partial) == false && + CreateAPTDirectoryIfNeeded(parent, partial) == false); + umask(mode); + if (creation_fail == true) return false; std::string const SandboxUser = _config->Find("APT::Sandbox::User"); diff --git a/apt-pkg/cdrom.cc b/apt-pkg/cdrom.cc index b97f7b036..aaa7b82e0 100644 --- a/apt-pkg/cdrom.cc +++ b/apt-pkg/cdrom.cc @@ -822,8 +822,11 @@ bool pkgCdrom::Add(pkgCdromStatus *log) /*{{{*/ // check for existence and possibly create state directory for copying string const listDir = _config->FindDir("Dir::State::lists"); string const partialListDir = listDir + "partial/"; - if (CreateAPTDirectoryIfNeeded(_config->FindDir("Dir::State"), partialListDir) == false && - CreateAPTDirectoryIfNeeded(listDir, partialListDir) == false) + mode_t const mode = umask(S_IWGRP | S_IWOTH); + bool const creation_fail = (CreateAPTDirectoryIfNeeded(_config->FindDir("Dir::State"), partialListDir) == false && + CreateAPTDirectoryIfNeeded(listDir, partialListDir) == false); + umask(mode); + if (creation_fail == true) { UnmountCDROM(CDROM, NULL); return _error->Errno("cdrom", _("List directory %spartial is missing."), listDir.c_str()); diff --git a/test/integration/framework b/test/integration/framework index c9f62c141..191e205ce 100644 --- a/test/integration/framework +++ b/test/integration/framework @@ -203,7 +203,7 @@ setupenvironment() { mkdir rootdir aptarchive keys cd rootdir mkdir -p etc/apt/apt.conf.d etc/apt/sources.list.d etc/apt/trusted.gpg.d etc/apt/preferences.d - mkdir -p usr/bin var/cache var/lib/apt var/log tmp + mkdir -p usr/bin var/cache var/lib var/log tmp mkdir -p var/lib/dpkg/info var/lib/dpkg/updates var/lib/dpkg/triggers touch var/lib/dpkg/available mkdir -p usr/lib/apt @@ -1341,7 +1341,7 @@ testfilestats() { msgpass else echo >&2 - ls -l >&2 "$1" + ls -ld >&2 "$1" echo -n >&2 "stat(1) reports for $2: " stat --format "$2" "$1" msgfail @@ -1386,6 +1386,24 @@ listcurrentlistsdirectory() { done } +### convinience hacks ### +mkdir() { + # creating some directories by hand is a tedious task, so make it look simple + if [ "$*" = '-p rootdir/var/lib/apt/lists' ] || [ "$*" = "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists" ] || + [ "$*" = '-p rootdir/var/lib/apt/lists/partial' ] || [ "$*" = "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists/partial" ]; then + # only the last directory created by mkdir is effected by the -m ! + command mkdir -m 755 -p "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt" + command mkdir -m 755 -p "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists" + command mkdir -m 700 -p "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists/partial" + touch "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists/lock" + if [ "$(id -u)" = '0' ]; then + chown _apt:root "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists/partial" + fi + else + command mkdir "$@" + fi +} + ### The following tests are run by most test methods automatically to check ### general things about commands executed without writing the test every time. @@ -1410,6 +1428,8 @@ aptautotest() { aptautotest_aptget_update() { if ! test -d "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists"; then return; fi + testfilestats "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt" '%U:%G:%a' '=' "${USER}:${USER}:755" + testfilestats "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists" '%U:%G:%a' '=' "${USER}:${USER}:755" # all copied files are properly chmodded for file in $(find "${TMPWORKINGDIRECTORY}/rootdir/var/lib/apt/lists" -maxdepth 1 -type f ! -name 'lock'); do testfilestats "$file" '%U:%G:%a' '=' "${USER}:${USER}:644" diff --git a/test/integration/test-apt-cdrom b/test/integration/test-apt-cdrom index 3a33219fe..7da645e83 100755 --- a/test/integration/test-apt-cdrom +++ b/test/integration/test-apt-cdrom @@ -125,7 +125,6 @@ $CDROM_POST" aptcdromlog add msgtest 'Test for the german description translation of' 'testing' aptcache show testing -o Acquire::Languages=de | grep -q '^Description-de: ' && msgpass || msgfail rm -rf rootdir/var/lib/apt/lists -mkdir -p rootdir/var/lib/apt/lists/partial testequal "$CDROM_PRE Found 2 package indexes, 1 source indexes, 1 translation indexes and 1 signatures $CDROM_POST" aptcdromlog add diff --git a/test/integration/test-apt-update-transactions b/test/integration/test-apt-update-transactions index bf425a22e..b325733ac 100755 --- a/test/integration/test-apt-update-transactions +++ b/test/integration/test-apt-update-transactions @@ -48,11 +48,7 @@ testrun() { testsetup() { msgmsg 'Test with no initial data over' "$1" rm -rf rootdir/var/lib/apt/lists - mkdir -m 700 -p rootdir/var/lib/apt/lists/partial - touch rootdir/var/lib/apt/lists/lock - if [ "$(id -u)" = '0' ]; then - chown _apt:root rootdir/var/lib/apt/lists/partial - fi + mkdir -p rootdir/var/lib/apt/lists/partial listcurrentlistsdirectory > listsdir.lst testrun 'listsdir.lst' |