-rw-r--r--apt-pkg/contrib/gpgv.cc54
1 files changed, 22 insertions, 32 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index fa1055556..cdf1e7f42 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -92,7 +92,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
#define EINTERNAL 111
std::string const aptkey = _config->Find("Dir::Bin::apt-key", CMAKE_INSTALL_FULL_BINDIR "/apt-key");
- bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
+ bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
struct exiter {
std::vector<const char *> files;
void operator ()(int code) APT_NORETURN {
@@ -103,8 +103,9 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
std::vector<const char *> Args;
- Args.reserve(10);
+ Args.reserve(11);
+ Args.push_back("/bin/sh");
Args.push_back(aptkey.c_str());
Args.push_back("--quiet");
Args.push_back("--readonly");
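Review bot: Pushing `"/bin/sh"` ahead of aptkey changes what Args[0] means, and the unchanged diagnostic in the last hunk, `apt_error(std::cerr, statusfd, fd, "Couldn't execute %s to check %s", Args[0], File.c_str());`, will now name `/bin/sh` as the program that failed instead of the apt-key path. Passing `aptkey.c_str()` there keeps the message meaningful; any other reader of Args[0] in the rest of ExecGPGV, which is not visible here, would need the same review. ExecGPGV starts and ends outside this hunk.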
@@ -215,6 +216,21 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
Args.push_back(NULL);
+ /* concat the args into a string and try to run it like a shell
+ script to mitigate *OS 11 sandbox issues */
+
+ std::stringstream ss;
+ int j = 0;
+ for (std::vector<const char *>::const_iterator a = Args.begin(); *a != NULL; ++a)
+ {
+ if(j != 0)
+ ss << " ";
+ ss << *a;
+ j++;
+ }
+
+ std::string ArgString = ss.str();
+
if (Debug == true)
{
std::clog << "Preparing to exec: ";
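Review bot: The loop that builds ArgString joins the arguments with a bare space and no quoting, and the final hunk hands that string to `sh -c`, so an argument containing whitespace or a shell metacharacter is re-split or interpreted by the shell instead of reaching apt-key as a single argument; File and FileGPG are caller-supplied paths and presumably end up in Args, though the pushes are not all visible here. Each element should be single-quoted, with an embedded `'` written as `'\''`, so the shell passes it through literally; the rewritten loop is below. The loop's termination relies on the NULL pushed just above it, which holds as long as that push stays last, and `std::stringstream` needs `<sstream>` in scope, which this hunk does not show. ExecGPGV starts and ends outside this hunk.
```cpp
std::stringstream ss;
int j = 0;
for (std::vector<const char *>::const_iterator a = Args.begin(); *a != NULL; ++a)
{
   if (j != 0)
      ss << " ";
   // single-quote each argument so whitespace and shell metacharacters in it
   // stay literal when the string is run through sh -c; an embedded ' becomes '\''
   ss << '\'';
   for (const char *c = *a; *c != '\0'; ++c)
   {
      if (*c == '\'')
         ss << "'\\''";
      else
         ss << *c;
   }
   ss << '\'';
   j++;
}
// … unchanged: std::string ArgString = ss.str(); …
```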
@@ -239,8 +255,8 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
putenv((char *)"LC_ALL=");
putenv((char *)"LC_MESSAGES=");
}
-
-
+
+
// We have created tempfiles we have to clean up
// and we do an additional check, so fork yet another time …
pid_t pid = ExecFork();
@@ -252,35 +268,9 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
{
if (statusfd != -1)
dup2(fd[1], statusfd);
- //I don't really C++, so I hope this is the best way to make a std::vector into a space separated C-string.
- char *fullCmd = NULL;
- char *tmpCmd = NULL;
- bool firstTime = true;
- int size = 0;
- for (std::vector<const char *>::const_iterator a = Args.begin(); a != Args.end(); ++a) {
- size = strlen(*a) + 1; //Plus one for \0
- if (fullCmd != NULL) {
- size += strlen(fullCmd) + 1; //Plus one for space
- if (tmpCmd != NULL)
- free(tmpCmd);
- tmpCmd = (char *)malloc(sizeof(char) * (strlen(fullCmd) + 1));
- strcpy(tmpCmd, fullCmd);
- free(fullCmd);
- }
- fullCmd = (char *)malloc(sizeof(char) * size);
- if (tmpCmd == NULL)
- strcpy(fullCmd, *a);
- else
- sprintf(fullCmd, "%s %s\0", tmpCmd, *a);
- }
- if (tmpCmd != NULL)
- free(tmpCmd);
- if (fullCmd != NULL) {
- RunCmd(fullCmd);
- free(fullCmd);
- }
+ execlp("sh", "sh", "-c", ArgString.c_str(), NULL); //run as a shell script instead
//execvp(Args[0], (char **) &Args[0]);
- apt_error(std::cerr, statusfd, fd, "Couldn't execute %s to check %s", Args[0], File.c_str());
+ apt_error(std::cerr, statusfd, fd, "Couldn't execute %s to check %s", Args[0], File.c_str());
local_exit(EINTERNAL);
}