diff options
author | David Kalnischkies <david@kalnischkies.de> | 2016-11-09 19:15:01 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2016-11-09 19:33:33 +0100 |
commit | 34b491e735ad47c4805e63f3b83a659b8d10262b (patch) | |
tree | 733fb32936d1fb4a2ec7230c54addb4bcb58e95f /test/interactive-helper | |
parent | 2c30cf43f1c4ab96f3eca849d7eb4923ffed40b1 (diff) |
reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges
We can't cleanup the environment like e.g. sudo would do as you usually
want the environment to "leak" into these helpers, but some variables
like HOME should really not have still the value of the root user – it
could confuse the helpers (USER) and HOME isn't accessible anyhow.
Closes: 842877
Diffstat (limited to 'test/interactive-helper')
-rw-r--r-- | test/interactive-helper/CMakeLists.txt | 2 | ||||
-rw-r--r-- | test/interactive-helper/aptdropprivs.cc | 27 |
2 files changed, 29 insertions, 0 deletions
diff --git a/test/interactive-helper/CMakeLists.txt b/test/interactive-helper/CMakeLists.txt index 423fa30e6..5a32ca17e 100644 --- a/test/interactive-helper/CMakeLists.txt +++ b/test/interactive-helper/CMakeLists.txt @@ -6,6 +6,8 @@ add_executable(extract-control extract-control.cc) target_link_libraries(extract-control apt-pkg apt-inst) add_executable(aptwebserver aptwebserver.cc) target_link_libraries(aptwebserver apt-pkg ${CMAKE_THREAD_LIBS_INIT}) +add_executable(aptdropprivs aptdropprivs.cc) +target_link_libraries(aptdropprivs apt-pkg) add_executable(test_fileutl test_fileutl.cc) target_link_libraries(test_fileutl apt-pkg) diff --git a/test/interactive-helper/aptdropprivs.cc b/test/interactive-helper/aptdropprivs.cc new file mode 100644 index 000000000..1cc04f36a --- /dev/null +++ b/test/interactive-helper/aptdropprivs.cc @@ -0,0 +1,27 @@ +#include <config.h> + +#include <apt-pkg/cmndline.h> +#include <apt-pkg/configuration.h> +#include <apt-pkg/error.h> +#include <apt-pkg/fileutl.h> + +#include <unistd.h> + +int main(int const argc, const char * argv[]) +{ + CommandLine::Args Args[] = { + {'c',"config-file",0,CommandLine::ConfigFile}, + {'o',"option",0,CommandLine::ArbItem}, + {0, "user", "APT::Sandbox::User", CommandLine::HasArg}, + {0,0,0,0} + }; + + CommandLine CmdL(Args, _config); + if(CmdL.Parse(argc,argv) == false || DropPrivileges() == false) + { + _error->DumpErrors(std::cerr, GlobalError::DEBUG); + return 42; + } + + return execv(CmdL.FileList[0], const_cast<char**>(CmdL.FileList)); +} |