summaryrefslogtreecommitdiff
path: root/apt-pkg/contrib/fileutl.cc
diff options
context:
space:
mode:
Diffstat (limited to 'apt-pkg/contrib/fileutl.cc')
-rw-r--r--apt-pkg/contrib/fileutl.cc10
1 files changed, 10 insertions, 0 deletions
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index 72813f4c3..6cc7414b0 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -2913,6 +2913,11 @@ bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode)/
/*}}}*/
bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode, bool CaptureStderr)/*{{{*/
{
+ return Popen(Args, Fd, Child, Mode, CaptureStderr, false);
+}
+ /*}}}*/
+bool Popen(const char *Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode, bool CaptureStderr, bool Sandbox) /*{{{*/
+{
int fd;
if (Mode != FileFd::ReadOnly && Mode != FileFd::WriteOnly)
return _error->Error("Popen supports ReadOnly (x)or WriteOnly mode only");
@@ -2929,6 +2934,11 @@ bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode,
return _error->Errno("fork", "Failed to fork");
if(Child == 0)
{
+ if (Sandbox && (getuid() == 0 || geteuid() == 0) && !DropPrivileges())
+ {
+ _error->DumpErrors();
+ _exit(1);
+ }
if(Mode == FileFd::ReadOnly)
{
close(Pipe[0]);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 01:19:17 +0000