diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2015-09-01 02:29:27 +0200 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2015-09-01 02:49:53 +0200 |
| commit | 226c0f64d46019d675840b16bd44ff985b45ad0f (patch) | |
| tree | 858cb73f6ea1b0dafa5467879994dd416f237cd9 /apt-pkg/acquire.cc | |
| parent | 712ccb8fab59d49533ca2e178aac53f047885f86 (diff) | |
improve CheckDropPrivsMustBeDisabled further
Various smaller improvements so that the check deals better with already
downloaded files, relative paths and other things.
Git-Dch: Ignore
Diffstat (limited to 'apt-pkg/acquire.cc')
| -rw-r--r-- | apt-pkg/acquire.cc | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc index cb32e8f2b..c7bc00e0b 100644 --- a/apt-pkg/acquire.cc +++ b/apt-pkg/acquire.cc @@ -460,6 +460,8 @@ static void CheckDropPrivsMustBeDisabled(pkgAcquire const &Fetcher) if (pw == NULL) return; + gid_t const old_euid = geteuid(); + gid_t const old_egid = getegid(); if (setegid(pw->pw_gid) != 0) _error->Errno("setegid", "setegid %u failed", pw->pw_gid); if (seteuid(pw->pw_uid) != 0) @@ -469,31 +471,43 @@ static void CheckDropPrivsMustBeDisabled(pkgAcquire const &Fetcher) for (pkgAcquire::ItemCIterator I = Fetcher.ItemsBegin(); I != Fetcher.ItemsEnd() && dropPrivs == true; ++I) { - if ((*I)->DestFile.empty()) + std::string filename = (*I)->DestFile; + if (filename.empty()) + continue; + + // no need to drop privileges for a complete file + if ((*I)->Complete == true) continue; // we check directory instead of file as the file might or might not // exist already as a link or not which complicates everything… - std::string dirname = flNotFile((*I)->DestFile); + std::string dirname = flNotFile(filename); + if (unlikely(dirname.empty())) + continue; + // translate relative to absolute for DirectoryExists + // FIXME: What about ../ and ./../ ? + if (dirname.substr(0,2) == "./") + dirname = SafeGetCWD() + dirname.substr(2); + if (DirectoryExists(dirname)) ; else continue; // assume it is created correctly by the acquire system - if (faccessat(AT_FDCWD, dirname.c_str(), R_OK | W_OK | X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW) != 0) + if (faccessat(-1, dirname.c_str(), R_OK | W_OK | X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW) != 0) { dropPrivs = false; _error->WarningE("pkgAcquire::Run", _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."), - (*I)->DestFile.c_str(), SandboxUser.c_str()); + filename.c_str(), SandboxUser.c_str()); _config->Set("APT::Sandbox::User", ""); break; } } - if (seteuid(0) != 0) - _error->Errno("seteuid", "seteuid %u failed", 0); - if (setegid(0) != 0) - _error->Errno("setegid", "setegid %u failed", 0); + if (seteuid(old_euid) != 0) + _error->Errno("seteuid", "seteuid %u failed", old_euid); + if (setegid(old_egid) != 0) + _error->Errno("setegid", "setegid %u failed", old_egid); } pkgAcquire::RunResult pkgAcquire::Run(int PulseIntervall) { |