diff options
author | David Kalnischkies <david@kalnischkies.de> | 2015-08-23 13:46:35 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2015-08-27 11:27:45 +0200 |
commit | d12561703c7776f665b68c91bddb28dea0728894 (patch) | |
tree | a6ce47161e8dfa2670fdbda7551e441203b51040 /apt-pkg | |
parent | 3a8776a37af38127fb04565959e8e0e449eb04a4 (diff) |
use always priv-dropping for changelog download as root
First of, the temporary directory we download the changelog to needs to
be owned by _apt, but that also means that we don't need to check if we
could/should drop privs as the download happens to a dedicated tempdir
and only after that it is moved to its final location by a privileged user.
Diffstat (limited to 'apt-pkg')
-rw-r--r-- | apt-pkg/acquire-item.cc | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 26c835444..7dcaa25a4 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -2935,6 +2935,10 @@ void pkgAcqChangelog::Init(std::string const &DestDir, std::string const &DestFi return; } DestFile = TemporaryDirectory = tmpname; + + std::string SandboxUser = _config->Find("APT::Sandbox::User"); + ChangeOwnerAndPermissionOfFile("Item::QueueURI", DestFile.c_str(), + SandboxUser.c_str(), "root", 0700); } else DestFile = DestDir; |