diff options
Diffstat (limited to 'apt-pkg/contrib/gpgv.cc')
| -rw-r--r-- | apt-pkg/contrib/gpgv.cc | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/apt-pkg/contrib/gpgv.cc b/apt-pkg/contrib/gpgv.cc index cdf9481cb..d4ccf47c7 100644 --- a/apt-pkg/contrib/gpgv.cc +++ b/apt-pkg/contrib/gpgv.cc @@ -92,7 +92,7 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, #define EINTERNAL 111 std::string const aptkey = _config->Find("Dir::Bin::apt-key", CMAKE_INSTALL_FULL_BINDIR "/apt-key"); - bool const Debug = _config->FindB("Debug::Acquire::gpgv", false); + bool const Debug = _config->FindB("Debug::Acquire::gpgv", false); struct exiter { std::vector<const char *> files; void operator ()(int code) APT_NORETURN { @@ -103,8 +103,9 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, std::vector<const char *> Args; - Args.reserve(10); + Args.reserve(11); + Args.push_back("/bin/sh"); Args.push_back(aptkey.c_str()); Args.push_back("--quiet"); Args.push_back("--readonly"); @@ -214,6 +215,21 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, Args.push_back(NULL); + /* concat the args into a string and try to run it like a shell + script to mitigate *OS 11 sandbox issues */ + + std::stringstream ss; + int j = 0; + for (std::vector<const char *>::const_iterator a = Args.begin(); *a != NULL; ++a) + { + if(j != 0) + ss << " "; + ss << *a; + j++; + } + + std::string ArgString = ss.str(); + if (Debug == true) { std::clog << "Preparing to exec: "; @@ -238,8 +254,8 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, putenv((char *)"LC_ALL="); putenv((char *)"LC_MESSAGES="); } - - + + // We have created tempfiles we have to clean up // and we do an additional check, so fork yet another time … pid_t pid = ExecFork(); @@ -251,8 +267,9 @@ void ExecGPGV(std::string const &File, std::string const &FileGPG, { if (statusfd != -1) dup2(fd[1], statusfd); - execvp(Args[0], (char **) &Args[0]); - apt_error(std::cerr, statusfd, fd, "Couldn't execute %s to check %s", Args[0], File.c_str()); + execlp("sh", "sh", "-c", ArgString.c_str(), NULL); //run as a shell script instead + //execvp(Args[0], (char **) &Args[0]); + apt_error(std::cerr, statusfd, fd, "Couldn't execute %s to check %s", Args[0], File.c_str()); local_exit(EINTERNAL); } |