diff options
Diffstat (limited to 'apt-pkg/contrib/fileutl.cc')
-rw-r--r-- | apt-pkg/contrib/fileutl.cc | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index 4cc8112af..1be782bac 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -52,6 +52,7 @@ #include <set> #include <algorithm> +#include <memory> #ifdef HAVE_ZLIB #include <zlib.h> @@ -159,7 +160,7 @@ bool CopyFile(FileFd &From,FileFd &To) return false; // Buffered copy between fds - SPtrArray<unsigned char> Buf = new unsigned char[64000]; + std::unique_ptr<unsigned char[]> Buf(new unsigned char[64000]); unsigned long long Size = From.Size(); while (Size != 0) { @@ -167,8 +168,8 @@ bool CopyFile(FileFd &From,FileFd &To) if (Size > 64000) ToRead = 64000; - if (From.Read(Buf,ToRead) == false || - To.Write(Buf,ToRead) == false) + if (From.Read(Buf.get(),ToRead) == false || + To.Write(Buf.get(),ToRead) == false) return false; Size -= ToRead; @@ -2251,22 +2252,32 @@ bool DropPrivileges() /*{{{*/ return _error->Error("No user %s, can not drop rights", toUser.c_str()); // Do not change the order here, it might break things + // Get rid of all our supplementary groups first if (setgroups(1, &pw->pw_gid)) return _error->Errno("setgroups", "Failed to setgroups"); + // Now change the group ids to the new user +#ifdef HAVE_SETRESGID + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) + return _error->Errno("setresgid", "Failed to set new group ids"); +#else if (setegid(pw->pw_gid) != 0) return _error->Errno("setegid", "Failed to setegid"); if (setgid(pw->pw_gid) != 0) return _error->Errno("setgid", "Failed to setgid"); +#endif + // Change the user ids to the new user +#ifdef HAVE_SETRESUID + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) + return _error->Errno("setresuid", "Failed to set new user ids"); +#else if (setuid(pw->pw_uid) != 0) return _error->Errno("setuid", "Failed to setuid"); - - // the seteuid() is probably uneeded (at least thats what the linux - // man-page says about setuid(2)) but we cargo culted it anyway if (seteuid(pw->pw_uid) != 0) return _error->Errno("seteuid", "Failed to seteuid"); +#endif // Verify that the user has only a single group, and the correct one gid_t groups[1]; |