diff options
| -rw-r--r-- | apt-pkg/acquire-method.cc | 2 | ||||
| -rw-r--r-- | apt-pkg/contrib/fileutl.cc | 61 | ||||
| -rw-r--r-- | apt-pkg/contrib/fileutl.h | 2 | ||||
| -rw-r--r-- | cmdline/apt-dump-solver.cc | 2 | ||||
| -rw-r--r-- | cmdline/apt-internal-solver.cc | 2 |
5 files changed, 34 insertions, 35 deletions
diff --git a/apt-pkg/acquire-method.cc b/apt-pkg/acquire-method.cc index cbcbea247..8533e319f 100644 --- a/apt-pkg/acquire-method.cc +++ b/apt-pkg/acquire-method.cc @@ -127,7 +127,7 @@ void pkgAcqMethod::Fail(string Err,bool Transient) /* */ void pkgAcqMethod::DropPrivsOrDie() { - if (!DropPrivs()) { + if (!DropPrivileges()) { Fail(false); exit(112); /* call the european emergency number */ } diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index c5eb56f0e..3e592d94f 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -857,11 +857,7 @@ bool ExecWait(pid_t Pid,const char *Name,bool Reap) return true; } /*}}}*/ - - -// StartsWithGPGClearTextSignature - Check if a file is Pgp/GPG clearsigned /*{{{*/ -// --------------------------------------------------------------------- -/* */ +// StartsWithGPGClearTextSignature - Check if a file is Pgp/GPG clearsigned /*{{{*/ bool StartsWithGPGClearTextSignature(string const &FileName) { static const char* SIGMSG = "-----BEGIN PGP SIGNED MESSAGE-----\n"; @@ -877,7 +873,7 @@ bool StartsWithGPGClearTextSignature(string const &FileName) return true; } - + /*}}}*/ class FileFdPrivate { /*{{{*/ public: @@ -2035,10 +2031,7 @@ APT_DEPRECATED gzFile FileFd::gzFd() { #endif } - -// Glob - wrapper around "glob()" /*{{{*/ -// --------------------------------------------------------------------- -/* */ +// Glob - wrapper around "glob()" /*{{{*/ std::vector<std::string> Glob(std::string const &pattern, int flags) { std::vector<std::string> result; @@ -2064,8 +2057,7 @@ std::vector<std::string> Glob(std::string const &pattern, int flags) return result; } /*}}}*/ - -std::string GetTempDir() +std::string GetTempDir() /*{{{*/ { const char *tmpdir = getenv("TMPDIR"); @@ -2081,8 +2073,8 @@ std::string GetTempDir() return string(tmpdir); } - -FileFd* GetTempFile(std::string const &Prefix, bool ImmediateUnlink) + /*}}}*/ +FileFd* GetTempFile(std::string const &Prefix, bool ImmediateUnlink) /*{{{*/ { char fn[512]; FileFd *Fd = new FileFd(); @@ -2106,19 +2098,19 @@ FileFd* GetTempFile(std::string const &Prefix, bool ImmediateUnlink) return Fd; } - -bool Rename(std::string From, std::string To) + /*}}}*/ +bool Rename(std::string From, std::string To) /*{{{*/ { if (rename(From.c_str(),To.c_str()) != 0) { _error->Error(_("rename failed, %s (%s -> %s)."),strerror(errno), From.c_str(),To.c_str()); return false; - } + } return true; } - -bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode) + /*}}}*/ +bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode)/*{{{*/ { int fd; if (Mode != FileFd::ReadOnly && Mode != FileFd::WriteOnly) @@ -2170,29 +2162,35 @@ bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode) return true; } - -bool DropPrivs() + /*}}}*/ +bool DropPrivileges() /*{{{*/ { + if(_config->FindB("Debug::NoDropPrivs", false) == true) + return true; + +#if __gnu_linux__ +#if defined(PR_SET_NO_NEW_PRIVS) && ( PR_SET_NO_NEW_PRIVS != 38 ) +#error "PR_SET_NO_NEW_PRIVS is defined, but with a different value than expected!" +#endif + // see prctl(2), needs linux3.5 at runtime - magic constant to avoid it at buildtime + int ret = prctl(38, 1, 0, 0, 0); + // ignore EINVAL - kernel is too old to understand the option + if(ret < 0 && errno != EINVAL) + _error->Warning("PR_SET_NO_NEW_PRIVS failed with %i", ret); +#endif + // uid will be 0 in the end, but gid might be different anyway - uid_t old_uid = getuid(); - gid_t old_gid = getgid(); + uid_t const old_uid = getuid(); + gid_t const old_gid = getgid(); if (old_uid != 0) return true; - if(_config->FindB("Debug::NoDropPrivs", false) == true) - return true; const std::string toUser = _config->Find("APT::Sandbox::User", "_apt"); struct passwd *pw = getpwnam(toUser.c_str()); if (pw == NULL) return _error->Error("No user %s, can not drop rights", toUser.c_str()); -#if __gnu_linux__ - // see prctl(2), needs linux3.5 - int ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0,0, 0); - if(ret < 0) - _error->Warning("PR_SET_NO_NEW_PRIVS failed with %i", ret); -#endif // Do not change the order here, it might break things if (setgroups(1, &pw->pw_gid)) return _error->Errno("setgroups", "Failed to setgroups"); @@ -2259,3 +2257,4 @@ bool DropPrivs() return true; } + /*}}}*/ diff --git a/apt-pkg/contrib/fileutl.h b/apt-pkg/contrib/fileutl.h index 9dd29eb9e..a64d6cb98 100644 --- a/apt-pkg/contrib/fileutl.h +++ b/apt-pkg/contrib/fileutl.h @@ -210,7 +210,7 @@ bool StartsWithGPGClearTextSignature(std::string const &FileName); * * \return true on success, false on failure with _error set */ -bool DropPrivs(); +bool DropPrivileges(); // File string manipulators std::string flNotDir(std::string File); diff --git a/cmdline/apt-dump-solver.cc b/cmdline/apt-dump-solver.cc index 424764b3c..f765234c5 100644 --- a/cmdline/apt-dump-solver.cc +++ b/cmdline/apt-dump-solver.cc @@ -41,7 +41,7 @@ int main(int argc,const char *argv[]) /*{{{*/ return 0; } // we really don't need anything - DropPrivs(); + DropPrivileges(); FILE* input = fdopen(STDIN_FILENO, "r"); FILE* output = fopen("/tmp/dump.edsp", "w"); diff --git a/cmdline/apt-internal-solver.cc b/cmdline/apt-internal-solver.cc index 0f2ec6283..92a4429e5 100644 --- a/cmdline/apt-internal-solver.cc +++ b/cmdline/apt-internal-solver.cc @@ -77,7 +77,7 @@ int main(int argc,const char *argv[]) /*{{{*/ {0,0,0,0}}; // we really don't need anything - DropPrivs(); + DropPrivileges(); CommandLine CmdL(Args,_config); if (pkgInitConfig(*_config) == false || |