summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2014-10-15 03:53:47 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2014-10-15 03:53:47 +0200
commit990dd78ab46607ad06d81b36e303156040a236e2 (patch)
tree6d906cc49e85b01594347291c422f87c7ccdb02b /apt-pkg
parent68ba0b7f4e1c03edfb6f621e7e7314ea610af96b (diff)
set PR_SET_NO_NEW_PRIVS even if sandbox is disabled
Similar to 8f45798d532223adc378a4ad9ecfc64b3be26e4f, there is no harm to set this, even if we don't drop privileges. Git-Dch: Ignore
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/contrib/fileutl.cc12
1 files changed, 6 insertions, 6 deletions
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index f6351b7b5..c51eee737 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -2168,12 +2168,6 @@ bool DropPrivileges() /*{{{*/
if(_config->FindB("Debug::NoDropPrivs", false) == true)
return true;
- // empty setting disables DropPrivilidges - this also ensures
- // backward compatibility, see bug #764506
- const std::string toUser = _config->Find("APT::Sandbox::User");
- if (toUser.empty())
- return true;
-
#if __gnu_linux__
#if defined(PR_SET_NO_NEW_PRIVS) && ( PR_SET_NO_NEW_PRIVS != 38 )
#error "PR_SET_NO_NEW_PRIVS is defined, but with a different value than expected!"
@@ -2185,6 +2179,12 @@ bool DropPrivileges() /*{{{*/
_error->Warning("PR_SET_NO_NEW_PRIVS failed with %i", ret);
#endif
+ // empty setting disables privilege dropping - this also ensures
+ // backward compatibility, see bug #764506
+ const std::string toUser = _config->Find("APT::Sandbox::User");
+ if (toUser.empty())
+ return true;
+
// uid will be 0 in the end, but gid might be different anyway
uid_t const old_uid = getuid();
gid_t const old_gid = getgid();