summaryrefslogtreecommitdiff
path: root/cmdline
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2015-08-31 11:00:12 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2015-08-31 11:00:12 +0200
commit7c8206bf26b8ef6020b543bbc027305dee8f2308 (patch)
tree0a2df6cb2f5979735a9532ea61e11fa2207793f4 /cmdline
parentdd6da7d2392e2ad35c444ebc2d7bc2308380530c (diff)
if file is inaccessible for _apt, disable privilege drop in acquire
We had a very similar method previously for our own private usage, but with some generalisation we can move this check into the acquire system proper so that all frontends profit from this compatibility change. As we are disabling a security feature here a warning is issued and frontends are advised to consider reworking their download logic if possible. Note that this is implemented as an all or nothing situation: We can't just (not) drop privileges for a subset of the files in a fetcher, so in case you have to download some files with and some without you need to use two fetchers.
Diffstat (limited to 'cmdline')
-rw-r--r--cmdline/apt-get.cc8
-rw-r--r--cmdline/apt-helper.cc3
2 files changed, 0 insertions, 11 deletions
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc
index d3b3da240..ebc8c94c2 100644
--- a/cmdline/apt-get.cc
+++ b/cmdline/apt-get.cc
@@ -629,9 +629,6 @@ static bool DoDownload(CommandLine &CmdL)
return true;
}
- // Disable drop-privs if "_apt" can not write to the target dir
- CheckDropPrivsMustBeDisabled(Fetcher);
-
if (_error->PendingError() == true || CheckAuth(Fetcher, false) == false)
return false;
@@ -850,9 +847,6 @@ static bool DoSource(CommandLine &CmdL)
return true;
}
- // Disable drop-privs if "_apt" can not write to the target dir
- CheckDropPrivsMustBeDisabled(Fetcher);
-
// check authentication status of the source as well
if (UntrustedList.empty() == false && AuthPrompt(UntrustedList, false) == false)
return false;
@@ -1403,8 +1397,6 @@ static bool DoChangelog(CommandLine &CmdL)
if (printOnly == false)
{
- // Note: CheckDropPrivsMustBeDisabled isn't needed here as the download happens in a dedicated tempdir
-
bool Failed = false;
if (AcquireRun(Fetcher, 0, &Failed, NULL) == false || Failed == true)
return false;
diff --git a/cmdline/apt-helper.cc b/cmdline/apt-helper.cc
index d235ac315..3c49bf149 100644
--- a/cmdline/apt-helper.cc
+++ b/cmdline/apt-helper.cc
@@ -68,9 +68,6 @@ static bool DoDownloadFile(CommandLine &CmdL)
fileind += 3;
}
- // Disable drop-privs if "_apt" can not write to the target dir
- CheckDropPrivsMustBeDisabled(Fetcher);
-
bool Failed = false;
if (AcquireRun(Fetcher, 0, &Failed, NULL) == false || Failed == true)
return _error->Error(_("Download Failed"));