summaryrefslogtreecommitdiff
path: root/apt-pkg/acquire.cc
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2015-09-01 02:29:27 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2015-09-01 02:49:53 +0200
commit226c0f64d46019d675840b16bd44ff985b45ad0f (patch)
tree858cb73f6ea1b0dafa5467879994dd416f237cd9 /apt-pkg/acquire.cc
parent712ccb8fab59d49533ca2e178aac53f047885f86 (diff)
improve CheckDropPrivsMustBeDisabled further
Various smaller improvements so that the check deals better with already downloaded files, relative paths and other things. Git-Dch: Ignore
Diffstat (limited to 'apt-pkg/acquire.cc')
-rw-r--r--apt-pkg/acquire.cc30
1 files changed, 22 insertions, 8 deletions
diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc
index cb32e8f2b..c7bc00e0b 100644
--- a/apt-pkg/acquire.cc
+++ b/apt-pkg/acquire.cc
@@ -460,6 +460,8 @@ static void CheckDropPrivsMustBeDisabled(pkgAcquire const &Fetcher)
if (pw == NULL)
return;
+ gid_t const old_euid = geteuid();
+ gid_t const old_egid = getegid();
if (setegid(pw->pw_gid) != 0)
_error->Errno("setegid", "setegid %u failed", pw->pw_gid);
if (seteuid(pw->pw_uid) != 0)
@@ -469,31 +471,43 @@ static void CheckDropPrivsMustBeDisabled(pkgAcquire const &Fetcher)
for (pkgAcquire::ItemCIterator I = Fetcher.ItemsBegin();
I != Fetcher.ItemsEnd() && dropPrivs == true; ++I)
{
- if ((*I)->DestFile.empty())
+ std::string filename = (*I)->DestFile;
+ if (filename.empty())
+ continue;
+
+ // no need to drop privileges for a complete file
+ if ((*I)->Complete == true)
continue;
// we check directory instead of file as the file might or might not
// exist already as a link or not which complicates everything…
- std::string dirname = flNotFile((*I)->DestFile);
+ std::string dirname = flNotFile(filename);
+ if (unlikely(dirname.empty()))
+ continue;
+ // translate relative to absolute for DirectoryExists
+ // FIXME: What about ../ and ./../ ?
+ if (dirname.substr(0,2) == "./")
+ dirname = SafeGetCWD() + dirname.substr(2);
+
if (DirectoryExists(dirname))
;
else
continue; // assume it is created correctly by the acquire system
- if (faccessat(AT_FDCWD, dirname.c_str(), R_OK | W_OK | X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW) != 0)
+ if (faccessat(-1, dirname.c_str(), R_OK | W_OK | X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW) != 0)
{
dropPrivs = false;
_error->WarningE("pkgAcquire::Run", _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."),
- (*I)->DestFile.c_str(), SandboxUser.c_str());
+ filename.c_str(), SandboxUser.c_str());
_config->Set("APT::Sandbox::User", "");
break;
}
}
- if (seteuid(0) != 0)
- _error->Errno("seteuid", "seteuid %u failed", 0);
- if (setegid(0) != 0)
- _error->Errno("setegid", "setegid %u failed", 0);
+ if (seteuid(old_euid) != 0)
+ _error->Errno("seteuid", "seteuid %u failed", old_euid);
+ if (setegid(old_egid) != 0)
+ _error->Errno("setegid", "setegid %u failed", old_egid);
}
pkgAcquire::RunResult pkgAcquire::Run(int PulseIntervall)
{