diff options
| author | Michael Vogt <mvo@ubuntu.com> | 2014-10-13 10:57:30 +0200 |
|---|---|---|
| committer | Michael Vogt <mvo@ubuntu.com> | 2014-10-13 11:29:47 +0200 |
| commit | 9983999d294887046abf386adc31190700d89b61 (patch) | |
| tree | 441df32a5b9767c69b9517c4ae180b953d8dc283 /apt-pkg | |
| parent | 954d30df8d8b0fb4fa203d09674a4fe1e990e55c (diff) | |
Fix backward compatiblity of the new pkgAcquireMethod::DropPrivsOrDie()
Do not drop privileges in the methods when using a older version of
libapt that does not support the chown magic in partial/ yet. To
do this DropPrivileges() now will ignore a empty Apt::Sandbox::User.
Cleanup all hardcoded _apt along the way.
Diffstat (limited to 'apt-pkg')
| -rw-r--r-- | apt-pkg/acquire-item.cc | 12 | ||||
| -rw-r--r-- | apt-pkg/acquire.cc | 5 | ||||
| -rw-r--r-- | apt-pkg/contrib/fileutl.cc | 7 | ||||
| -rw-r--r-- | apt-pkg/init.cc | 3 |
4 files changed, 21 insertions, 6 deletions
diff --git a/apt-pkg/acquire-item.cc b/apt-pkg/acquire-item.cc index 97ff1bd18..44d45cedb 100644 --- a/apt-pkg/acquire-item.cc +++ b/apt-pkg/acquire-item.cc @@ -215,7 +215,11 @@ bool pkgAcquire::Item::Rename(string From,string To) void pkgAcquire::Item::QueueURI(ItemDesc &Item) { if (RealFileExists(DestFile)) - ChangeOwnerAndPermissionOfFile("GetPartialFileName", DestFile.c_str(), "_apt", "root", 0600); + { + std::string SandboxUser = _config->Find("APT::Sandbox::User"); + ChangeOwnerAndPermissionOfFile("GetPartialFileName", DestFile.c_str(), + SandboxUser.c_str(), "root", 0600); + } Owner->Enqueue(Item); } void pkgAcquire::Item::Dequeue() @@ -2486,7 +2490,8 @@ bool pkgAcqArchive::QueueNext() else { PartialSize = Buf.st_size; - ChangeOwnerAndPermissionOfFile("pkgAcqArchive::QueueNext", DestFile.c_str(), "_apt", "root", 0600); + std::string SandboxUser = _config->Find("APT::Sandbox::User"); + ChangeOwnerAndPermissionOfFile("pkgAcqArchive::QueueNext",DestFile.c_str(), SandboxUser.c_str(), "root", 0600); } } @@ -2654,7 +2659,8 @@ pkgAcqFile::pkgAcqFile(pkgAcquire *Owner,string URI, HashStringList const &Hashe else { PartialSize = Buf.st_size; - ChangeOwnerAndPermissionOfFile("pkgAcqFile", DestFile.c_str(), "_apt", "root", 0600); + std::string SandboxUser = _config->Find("APT::Sandbox::User"); + ChangeOwnerAndPermissionOfFile("pkgAcqFile", DestFile.c_str(), SandboxUser.c_str(), "root", 0600); } } diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc index 34c7f06de..3ef912600 100644 --- a/apt-pkg/acquire.cc +++ b/apt-pkg/acquire.cc @@ -83,10 +83,11 @@ static bool SetupAPTPartialDirectory(std::string const &grand, std::string const if (getuid() == 0) // if we aren't root, we can't chown, so don't try it { - struct passwd *pw = getpwnam("_apt"); + std::string SandboxUser = _config->Find("APT::Sandbox::User"); + struct passwd *pw = getpwnam(SandboxUser.c_str()); struct group *gr = getgrnam("root"); if (pw != NULL && gr != NULL && chown(partial.c_str(), pw->pw_uid, gr->gr_gid) != 0) - _error->WarningE("SetupAPTPartialDirectory", "chown to _apt:root of directory %s failed", partial.c_str()); + _error->WarningE("SetupAPTPartialDirectory", "chown to %s:root of directory %s failed", SandboxUser.c_str(), partial.c_str()); } if (chmod(partial.c_str(), 0700) != 0) _error->WarningE("SetupAPTPartialDirectory", "chmod 0700 of directory %s failed", partial.c_str()); diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index 3e592d94f..f6351b7b5 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -2168,6 +2168,12 @@ bool DropPrivileges() /*{{{*/ if(_config->FindB("Debug::NoDropPrivs", false) == true) return true; + // empty setting disables DropPrivilidges - this also ensures + // backward compatibility, see bug #764506 + const std::string toUser = _config->Find("APT::Sandbox::User"); + if (toUser.empty()) + return true; + #if __gnu_linux__ #if defined(PR_SET_NO_NEW_PRIVS) && ( PR_SET_NO_NEW_PRIVS != 38 ) #error "PR_SET_NO_NEW_PRIVS is defined, but with a different value than expected!" @@ -2186,7 +2192,6 @@ bool DropPrivileges() /*{{{*/ if (old_uid != 0) return true; - const std::string toUser = _config->Find("APT::Sandbox::User", "_apt"); struct passwd *pw = getpwnam(toUser.c_str()); if (pw == NULL) return _error->Error("No user %s, can not drop rights", toUser.c_str()); diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc index 82dff4ee8..8d206e428 100644 --- a/apt-pkg/init.cc +++ b/apt-pkg/init.cc @@ -95,6 +95,9 @@ bool pkgInitConfig(Configuration &Cnf) // Default cdrom mount point Cnf.CndSet("Acquire::cdrom::mount", "/media/cdrom/"); + // The default user we drop to in the methods + Cnf.CndSet("APT::Sandbox::User", "_apt"); + bool Res = true; // Read an alternate config file |