From 1a76517470ebc2dd3f96e39ebe6f3706d6dd78da Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Sat, 21 Oct 2017 15:44:43 +0200 Subject: Run Proxy-Auto-Detect script from main process This avoids running the Proxy-Auto-Detect script inside the untrusted (well, less trusted for now) sandbox. This will allow us to restrict the http method from fork()ing or exec()ing via seccomp. --- apt-pkg/acquire-method.cc | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'apt-pkg/acquire-method.cc') diff --git a/apt-pkg/acquire-method.cc b/apt-pkg/acquire-method.cc index 5b31559f3..309b5dcf9 100644 --- a/apt-pkg/acquire-method.cc +++ b/apt-pkg/acquire-method.cc @@ -372,6 +372,7 @@ int pkgAcqMethod::Run(bool Single) FetchItem *Tmp = new FetchItem; Tmp->Uri = LookupTag(Message,"URI"); + Tmp->Proxy(LookupTag(Message, "Proxy")); Tmp->DestFile = LookupTag(Message,"FileName"); if (RFC1123StrToTime(LookupTag(Message,"Last-Modified").c_str(),Tmp->LastModified) == false) Tmp->LastModified = 0; @@ -491,10 +492,25 @@ void pkgAcqMethod::Dequeue() { /*{{{*/ /*}}}*/ pkgAcqMethod::~pkgAcqMethod() {} -pkgAcqMethod::FetchItem::FetchItem() : - Next(nullptr), DestFileFd(-1), LastModified(0), IndexFile(false), - FailIgnore(false), MaximumSize(0), d(nullptr) +struct pkgAcqMethod::FetchItem::Private +{ + std::string Proxy; +}; + +pkgAcqMethod::FetchItem::FetchItem() : Next(nullptr), DestFileFd(-1), LastModified(0), IndexFile(false), + FailIgnore(false), MaximumSize(0), d(new Private) {} -pkgAcqMethod::FetchItem::~FetchItem() {} + +std::string pkgAcqMethod::FetchItem::Proxy() +{ + return d->Proxy; +} + +void pkgAcqMethod::FetchItem::Proxy(std::string const &Proxy) +{ + d->Proxy = Proxy; +} + +pkgAcqMethod::FetchItem::~FetchItem() { delete d; } pkgAcqMethod::FetchResult::~FetchResult() {} -- cgit v1.2.3