diff options
| author | David Kalnischkies <david@kalnischkies.de> | 2014-10-15 02:43:44 +0200 |
|---|---|---|
| committer | David Kalnischkies <david@kalnischkies.de> | 2014-10-15 02:43:44 +0200 |
| commit | 460601d53039b1d1b5688a8cd58bae10fb746f57 (patch) | |
| tree | a555768f443937b165f82cc7d16a29bb6abf7f65 /cmdline | |
| parent | d4f4bcf76bb2035b7df370a82b081384140b3083 (diff) | |
don't drop privileges if _apt has not enough rights
Privilege dropping breaks download/source/changelog commands as they
require the _apt user to have write permissions in the current directory,
which is e.g. the case in /tmp, but not in /root, so we disable the
privilege dropping if we deal with such a directory based on idea and
code by Michael Vogt.
The alternative would be to download always to a temp directory and move
it then done, but this breaks partial file support. To resolve this, we
could move to one of our partial/ directories, but this would require a
lock which would block root from using two of these commands in
parallel. As both seems unacceptable we instead let the user choose what
to do: Either a directory is setupped for _apt, downloading as root is
accepted or – which is potentially even better – an unprivileged user is
used for the commands.
Diffstat (limited to 'cmdline')
| -rw-r--r-- | cmdline/apt-get.cc | 19 | ||||
| -rw-r--r-- | cmdline/apt-helper.cc | 5 |
2 files changed, 18 insertions, 6 deletions
diff --git a/cmdline/apt-get.cc b/cmdline/apt-get.cc index 8448638db..8c0c50f83 100644 --- a/cmdline/apt-get.cc +++ b/cmdline/apt-get.cc @@ -676,6 +676,9 @@ static bool DoDownload(CommandLine &CmdL) return true; } + // Disable drop-privs if "_apt" can not write to the target dir + CheckDropPrivsMustBeDisabled(Fetcher); + if (_error->PendingError() == true || CheckAuth(Fetcher, false) == false) return false; @@ -858,10 +861,6 @@ static bool DoSource(CommandLine &CmdL) } } - // check authentication status of the source as well - if (UntrustedList != "" && !AuthPrompt(UntrustedList, false)) - return false; - // Display statistics unsigned long long FetchBytes = Fetcher.FetchNeeded(); unsigned long long FetchPBytes = Fetcher.PartialPresent(); @@ -908,7 +907,7 @@ static bool DoSource(CommandLine &CmdL) ioprintf(cout,_("Fetch source %s\n"),Dsc[I].Package.c_str()); return true; } - + // Just print out the uris an exit if the --print-uris flag was used if (_config->FindB("APT::Get::Print-URIs") == true) { @@ -919,6 +918,13 @@ static bool DoSource(CommandLine &CmdL) return true; } + // Disable drop-privs if "_apt" can not write to the target dir + CheckDropPrivsMustBeDisabled(Fetcher); + + // check authentication status of the source as well + if (UntrustedList != "" && !AuthPrompt(UntrustedList, false)) + return false; + // Run it bool Failed = false; if (AcquireRun(Fetcher, 0, &Failed, NULL) == false || Failed == true) @@ -1510,6 +1516,9 @@ static bool DownloadChangelog(CacheFile &CacheFile, pkgAcquire &Fetcher, // queue it new pkgAcqFile(&Fetcher, changelog_uri, "", 0, descr, Pkg.Name(), "ignored", targetfile); + // Disable drop-privs if "_apt" can not write to the target dir + CheckDropPrivsMustBeDisabled(Fetcher); + // try downloading it, if that fails, try third-party-changelogs location // FIXME: Fetcher.Run() is "Continue" even if I get a 404?!? Fetcher.Run(); diff --git a/cmdline/apt-helper.cc b/cmdline/apt-helper.cc index c240008aa..27abb2013 100644 --- a/cmdline/apt-helper.cc +++ b/cmdline/apt-helper.cc @@ -59,7 +59,10 @@ static bool DoDownloadFile(CommandLine &CmdL) // we use download_uri as descr and targetfile as short-descr new pkgAcqFile(&Fetcher, download_uri, hash, 0, download_uri, targetfile, "dest-dir-ignored", targetfile); - Fetcher.Run(); + + // Disable drop-privs if "_apt" can not write to the target dir + CheckDropPrivsMustBeDisabled(Fetcher); + bool Failed = false; if (AcquireRun(Fetcher, 0, &Failed, NULL) == false || Failed == true || FileExists(targetfile) == false) |