authorJulian Andres Klode <jak@debian.org>2017-10-22 19:02:53 +0200
committerJulian Andres Klode <jak@debian.org>2017-10-22 19:10:57 +0200
commit0934b6b023b46cd0e2e5fa55a23a054b2feeb618 (patch)
tree3f3e426099d9d62419084843d06a7c6bb64bc85e /apt-pkg
parent1a76517470ebc2dd3f96e39ebe6f3706d6dd78da (diff)
Run the ProxyAutoDetect script in the sandbox again
The previous change moved running the proxy detection program from the method to the main process, so it ran as root instead of as _apt. This brings it back into the sandbox. Gbp-Dch: ignore
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/contrib/fileutl.cc10
-rw-r--r--apt-pkg/contrib/fileutl.h2
-rw-r--r--apt-pkg/contrib/proxy.cc2
3 files changed, 13 insertions, 1 deletions
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index 72813f4c3..6cc7414b0 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -2913,6 +2913,11 @@ bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode)/
/*}}}*/
bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode, bool CaptureStderr)/*{{{*/
{
+ return Popen(Args, Fd, Child, Mode, CaptureStderr, false);
+}
+ /*}}}*/
+bool Popen(const char *Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode, bool CaptureStderr, bool Sandbox) /*{{{*/
+{
int fd;
if (Mode != FileFd::ReadOnly && Mode != FileFd::WriteOnly)
return _error->Error("Popen supports ReadOnly (x)or WriteOnly mode only");
@@ -2929,6 +2934,11 @@ bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode,
return _error->Errno("fork", "Failed to fork");
if(Child == 0)
{
+ if (Sandbox && (getuid() == 0 || geteuid() == 0) && !DropPrivileges())
+ {
+ _error->DumpErrors();
+ _exit(1);
+ }
if(Mode == FileFd::ReadOnly)
{
close(Pipe[0]);
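Review bot: The privilege drop added at the top of the child branch only happens when getuid() or geteuid() is 0, so `Sandbox = true` is a silent no-op for an unprivileged caller, and when DropPrivileges() fails the child dumps the errors and _exit(1)s while the parent's Popen() still returns true, so the caller sees the failure only as a short read or in the child's exit status. That is a reasonable design (there is nothing to drop without root) but the new condition deserves a comment, e.g. `// As root, move the child into the sandbox user before the command runs; if the drop fails, bail out rather than run it as root.` The same asymmetry matters for the new caller in proxy.cc, whose handling of `goodread == false` lies outside its hunk and should treat the empty read as an error rather than as "no proxy". The body of Popen continues past this hunk on both sides.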
diff --git a/apt-pkg/contrib/fileutl.h b/apt-pkg/contrib/fileutl.h
index 19b4ed49e..699b8b802 100644
--- a/apt-pkg/contrib/fileutl.h
+++ b/apt-pkg/contrib/fileutl.h
@@ -273,8 +273,10 @@ std::vector<std::string> Glob(std::string const &pattern, int flags=0);
* \param Mode is either FileFd::ReadOnly or FileFd::WriteOnly
* \param CaptureStderr True if we should capture stderr in addition to stdout.
* (default: True).
+ * \param Sandbox True if this should run sandboxed
* \return true on success, false on failure with _error set
*/
+bool Popen(const char *Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode, bool CaptureStderr, bool Sandbox) APT_HIDDEN;
bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode, bool CaptureStderr);
bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode);
diff --git a/apt-pkg/contrib/proxy.cc b/apt-pkg/contrib/proxy.cc
index 86582e1aa..6dc3b0686 100644
--- a/apt-pkg/contrib/proxy.cc
+++ b/apt-pkg/contrib/proxy.cc
@@ -60,7 +60,7 @@ bool AutoDetectProxy(URI &URL)
Args.push_back(nullptr);
FileFd PipeFd;
pid_t Child;
- if(Popen(&Args[0], PipeFd, Child, FileFd::ReadOnly, false) == false)
+ if (Popen(&Args[0], PipeFd, Child, FileFd::ReadOnly, false, true) == false)
return _error->Error("ProxyAutoDetect command '%s' failed!", AutoDetectProxyCmd.c_str());
char buf[512];
bool const goodread = PipeFd.ReadLine(buf, sizeof(buf)) != nullptr;