drop privileges in file:// method as we do for decompressors

We drop it in decompressors, which are the natural next step, so if an archive is used which isn't worldreadable (= not accessible by _apt) it doesn't work anyway, so we just fail a bit earlier now and avoid all the bad things which can happen over file (which could very well still be a network resourc via NFS mounts or similar stuff, so hardly as safe as the name might suggest at first).
author: David Kalnischkies <david@kalnischkies.de> 2015-10-09 22:25:13 +0200
committer: David Kalnischkies <david@kalnischkies.de> 2015-11-04 18:04:00 +0100
commit: 0940230dd6710ff5b555bed8be3d75ae0d150a08 (patch)
tree: 55a25579ecf4e3ae853b59d18c4120727f6ea3a0 /methods/file.cc
parent: 64e3414e00906e6eaa72d7b63ca76d1c59ecadf6 (diff)
1 files changed, 12 insertions, 2 deletions
diff --git a/methods/file.cc b/methods/file.cc
index 40e85bce5..b689de619 100644
--- a/methods/file.cc
+++ b/methods/file.cc
@@ -31,11 +31,21 @@
 class FileMethod : public pkgAcqMethod
 {
    virtual bool Fetch(FetchItem *Itm) APT_OVERRIDE;
-   
+   virtual bool Configuration(std::string Message) APT_OVERRIDE;
+
    public:
-   
+
    FileMethod() : pkgAcqMethod("1.0",SingleInstance | SendConfig | LocalOnly) {};
 };
+bool FileMethod::Configuration(std::string Message)
+{
+   if (pkgAcqMethod::Configuration(Message) == false)
+      return false;
+
+   DropPrivsOrDie();
+
+   return true;
+}
 
 // FileMethod::Fetch - Fetch a file					/*{{{*/
 // ---------------------------------------------------------------------
author	David Kalnischkies <david@kalnischkies.de>	2015-10-09 22:25:13 +0200
committer	David Kalnischkies <david@kalnischkies.de>	2015-11-04 18:04:00 +0100
commit	0940230dd6710ff5b555bed8be3d75ae0d150a08 (patch)
tree	55a25579ecf4e3ae853b59d18c4120727f6ea3a0 /methods/file.cc
parent	64e3414e00906e6eaa72d7b63ca76d1c59ecadf6 (diff)