summaryrefslogtreecommitdiff
path: root/cmdline/apt-get.cc
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2014-10-15 02:43:44 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2014-10-15 02:43:44 +0200
commit460601d53039b1d1b5688a8cd58bae10fb746f57 (patch)
treea555768f443937b165f82cc7d16a29bb6abf7f65 /cmdline/apt-get.cc
parentd4f4bcf76bb2035b7df370a82b081384140b3083 (diff)
don't drop privileges if _apt has not enough rights
Privilege dropping breaks download/source/changelog commands as they require the _apt user to have write permissions in the current directory, which is e.g. the case in /tmp, but not in /root, so we disable the privilege dropping if we deal with such a directory based on idea and code by Michael Vogt. The alternative would be to download always to a temp directory and move it then done, but this breaks partial file support. To resolve this, we could move to one of our partial/ directories, but this would require a lock which would block root from using two of these commands in parallel. As both seems unacceptable we instead let the user choose what to do: Either a directory is setupped for _apt, downloading as root is accepted or – which is potentially even better – an unprivileged user is used for the commands.
Diffstat (limited to 'cmdline/apt-get.cc')
-rw-r--r--cmdline/apt-get.cc19
1 files changed, 14 insertions, 5 deletions
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc
index 8448638db..8c0c50f83 100644
--- a/cmdline/apt-get.cc
+++ b/cmdline/apt-get.cc
@@ -676,6 +676,9 @@ static bool DoDownload(CommandLine &CmdL)
return true;
}
+ // Disable drop-privs if "_apt" can not write to the target dir
+ CheckDropPrivsMustBeDisabled(Fetcher);
+
if (_error->PendingError() == true || CheckAuth(Fetcher, false) == false)
return false;
@@ -858,10 +861,6 @@ static bool DoSource(CommandLine &CmdL)
}
}
- // check authentication status of the source as well
- if (UntrustedList != "" && !AuthPrompt(UntrustedList, false))
- return false;
-
// Display statistics
unsigned long long FetchBytes = Fetcher.FetchNeeded();
unsigned long long FetchPBytes = Fetcher.PartialPresent();
@@ -908,7 +907,7 @@ static bool DoSource(CommandLine &CmdL)
ioprintf(cout,_("Fetch source %s\n"),Dsc[I].Package.c_str());
return true;
}
-
+
// Just print out the uris an exit if the --print-uris flag was used
if (_config->FindB("APT::Get::Print-URIs") == true)
{
@@ -919,6 +918,13 @@ static bool DoSource(CommandLine &CmdL)
return true;
}
+ // Disable drop-privs if "_apt" can not write to the target dir
+ CheckDropPrivsMustBeDisabled(Fetcher);
+
+ // check authentication status of the source as well
+ if (UntrustedList != "" && !AuthPrompt(UntrustedList, false))
+ return false;
+
// Run it
bool Failed = false;
if (AcquireRun(Fetcher, 0, &Failed, NULL) == false || Failed == true)
@@ -1510,6 +1516,9 @@ static bool DownloadChangelog(CacheFile &CacheFile, pkgAcquire &Fetcher,
// queue it
new pkgAcqFile(&Fetcher, changelog_uri, "", 0, descr, Pkg.Name(), "ignored", targetfile);
+ // Disable drop-privs if "_apt" can not write to the target dir
+ CheckDropPrivsMustBeDisabled(Fetcher);
+
// try downloading it, if that fails, try third-party-changelogs location
// FIXME: Fetcher.Run() is "Continue" even if I get a 404?!?
Fetcher.Run();