summaryrefslogtreecommitdiff
path: root/apt-pkg/contrib/gpgv.cc
diff options
context:
space:
mode:
Diffstat (limited to 'apt-pkg/contrib/gpgv.cc')
-rw-r--r--apt-pkg/contrib/gpgv.cc29
1 files changed, 23 insertions, 6 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc
index cdf9481cb..d4ccf47c7 100644
--- a/apt-pkg/contrib/gpgv.cc
+++ b/apt-pkg/contrib/gpgv.cc
@@ -92,7 +92,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
#define EINTERNAL 111
std::string const aptkey = _config->Find("Dir::Bin::apt-key", CMAKE_INSTALL_FULL_BINDIR "/apt-key");
- bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
+ bool const Debug = _config->FindB("Debug::Acquire::gpgv", false);
struct exiter {
std::vector<const char *> files;
void operator ()(int code) APT_NORETURN {
@@ -103,8 +103,9 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
std::vector<const char *> Args;
- Args.reserve(10);
+ Args.reserve(11);
+ Args.push_back("/bin/sh");
Args.push_back(aptkey.c_str());
Args.push_back("--quiet");
Args.push_back("--readonly");
@@ -214,6 +215,21 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
Args.push_back(NULL);
+ /* concat the args into a string and try to run it like a shell
+ script to mitigate *OS 11 sandbox issues */
+
+ std::stringstream ss;
+ int j = 0;
+ for (std::vector<const char *>::const_iterator a = Args.begin(); *a != NULL; ++a)
+ {
+ if(j != 0)
+ ss << " ";
+ ss << *a;
+ j++;
+ }
+
+ std::string ArgString = ss.str();
+
if (Debug == true)
{
std::clog << "Preparing to exec: ";
@@ -238,8 +254,8 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
putenv((char *)"LC_ALL=");
putenv((char *)"LC_MESSAGES=");
}
-
-
+
+
// We have created tempfiles we have to clean up
// and we do an additional check, so fork yet another time …
pid_t pid = ExecFork();
@@ -251,8 +267,9 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG,
{
if (statusfd != -1)
dup2(fd[1], statusfd);
- execvp(Args[0], (char **) &Args[0]);
- apt_error(std::cerr, statusfd, fd, "Couldn't execute %s to check %s", Args[0], File.c_str());
+ execlp("sh", "sh", "-c", ArgString.c_str(), NULL); //run as a shell script instead
+ //execvp(Args[0], (char **) &Args[0]);
+ apt_error(std::cerr, statusfd, fd, "Couldn't execute %s to check %s", Args[0], File.c_str());
local_exit(EINTERNAL);
}