-rw-r--r-- | apt-pkg/contrib/fileutl.cc | 10 | ||||
-rw-r--r-- | apt-pkg/contrib/fileutl.h | 2 | ||||
-rw-r--r-- | apt-pkg/contrib/proxy.cc | 2 |
3 files changed, 13 insertions, 1 deletions
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index 72813f4c3..6cc7414b0 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -2913,6 +2913,11 @@ bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode)/
 /*}}}*/
 bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode, bool CaptureStderr)/*{{{*/
 {
+ return Popen(Args, Fd, Child, Mode, CaptureStderr, false);
+}
+ /*}}}*/
+bool Popen(const char *Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode, bool CaptureStderr, bool Sandbox) /*{{{*/
+{
 int fd;
 if (Mode != FileFd::ReadOnly && Mode != FileFd::WriteOnly)
 return _error->Error("Popen supports ReadOnly (x)or WriteOnly mode only");
@@ -2929,6 +2934,11 @@ bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode,
 return _error->Errno("fork", "Failed to fork");
 if(Child == 0)
 {
+ if (Sandbox && (getuid() == 0 || geteuid() == 0) && !DropPrivileges())
+ {
+ _error->DumpErrors();
+ _exit(1);
+ }
 if(Mode == FileFd::ReadOnly)
 {
 close(Pipe[0]);
diff --git a/apt-pkg/contrib/fileutl.h b/apt-pkg/contrib/fileutl.h
index 19b4ed49e..699b8b802 100644
--- a/apt-pkg/contrib/fileutl.h
+++ b/apt-pkg/contrib/fileutl.h
@@ -273,8 +273,10 @@ std::vector<std::string> Glob(std::string const &pattern, int flags=0);
  * \param Mode is either FileFd::ReadOnly or FileFd::WriteOnly
  * \param CaptureStderr True if we should capture stderr in addition to stdout.
  * (default: True).
+ * \param Sandbox True if this should run sandboxed
  * \return true on success, false on failure with _error set
  */
+bool Popen(const char *Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode, bool CaptureStderr, bool Sandbox) APT_HIDDEN;
 bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode, bool CaptureStderr);
 bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode);
 
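Review bot: The new six-argument overload is written as `const char *Args[]` with a space before `/*{{{*/`, while the two overloads immediately above it (and the rest of the Popen family in fileutl.h) use `const char* Args[]` and an unspaced fold marker; the same inconsistency is in the fileutl.h declaration in this commit. Keeping the file's existing spelling, `bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode, bool CaptureStderr, bool Sandbox)/*{{{*/`, avoids two styles side by side. A second point of style: two adjacent `bool` parameters mean call sites read as `false, true`, which is hard to audit for a privilege-related flag; if this overload stays `APT_HIDDEN` that is tolerable, but an enum flag would be clearer.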
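Review bot: The privilege-drop guard in the child carries no comment explaining why it applies only when uid or euid is 0 and why a failed drop must abort instead of continuing to exec; propose `// Sandboxed helpers must never run as root: if we are root and cannot drop privileges, abort the child rather than exec it privileged.` Note that a failed drop surfaces only as the child's stderr dump and exit status 1 — the parent's Popen has already returned true by then, so a caller that does not wait for the child sees nothing but EOF on the pipe; this is worth stating in the Popen documentation. If DropPrivileges() resolves the sandbox user through calls that are not async-signal-safe (getpwnam and friends), calling it between fork and exec is only safe while the process is single-threaded, which presumably holds for apt today but deserves a line in the comment. The body of Popen continues outside the hunk.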
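Review bot: `\param Sandbox True if this should run sandboxed` does not tell a caller what "sandboxed" means here or what happens on failure, both of which matter for a privilege-related flag; from the fileutl.cc change it can be stated precisely: ` * \param Sandbox True to drop privileges (DropPrivileges()) in the child before exec when the caller runs as root; the child exits with status 1 if the drop fails.` The hunk's last context line appears to be a blank line that the page collapsed into trailing whitespace, so the declaration block may continue beyond what is shown.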
diff --git a/apt-pkg/contrib/proxy.cc b/apt-pkg/contrib/proxy.cc
index 86582e1aa..6dc3b0686 100644
--- a/apt-pkg/contrib/proxy.cc
+++ b/apt-pkg/contrib/proxy.cc
@@ -60,7 +60,7 @@ bool AutoDetectProxy(URI &URL)
 Args.push_back(nullptr);
 FileFd PipeFd;
 pid_t Child;
- if(Popen(&Args[0], PipeFd, Child, FileFd::ReadOnly, false) == false)
+ if (Popen(&Args[0], PipeFd, Child, FileFd::ReadOnly, false, true) == false)
 return _error->Error("ProxyAutoDetect command '%s' failed!", AutoDetectProxyCmd.c_str());
 char buf[512];
 bool const goodread = PipeFd.ReadLine(buf, sizeof(buf)) != nullptr;
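Review bot: The call now passes two bare booleans, `false, true`, and a reader cannot tell from this line that the second one is the privilege-dropping flag; argument comments make the intent reviewable: `if (Popen(&Args[0], PipeFd, Child, FileFd::ReadOnly, /*CaptureStderr=*/false, /*Sandbox=*/true) == false)`. Because stderr is not captured here, a failed privilege drop in the child is reported on apt's own stderr and the child exits with status 1 while this Popen call still succeeds, so `goodread` turning false is the only signal visible in this hunk; whether the child's exit status is checked afterwards lies outside the hunk, and AutoDetectProxy continues past its last line.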