From 6c55f07a5fa3612a5d59c61a17da5fe640eadc8b Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 17 Jun 2015 09:29:00 +0200 Subject: make all d-pointer * const pointers Doing this disables the implicit copy assignment operator (among others) which would cause hovac if used on the classes as it would just copy the pointer, not the data the d-pointer points to. For most of the classes we don't need a copy assignment operator anyway and in many classes it was broken before as many contain a pointer of some sort. Only for our Cacheset Container interfaces we define an explicit copy assignment operator which could later be implemented to copy the data from one d-pointer to the other if we need it. Git-Dch: Ignore --- apt-pkg/contrib/fileutl.cc | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'apt-pkg/contrib/fileutl.cc') diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index 8ec868ec0..f40526b5c 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -1011,6 +1011,25 @@ class FileFdPrivate { /*{{{*/ ~FileFdPrivate() { CloseDown(""); } }; /*}}}*/ +// FileFd Constructors /*{{{*/ +FileFd::FileFd(std::string FileName,unsigned int const Mode,unsigned long AccessMode) : iFd(-1), Flags(0), d(NULL) +{ + Open(FileName,Mode, None, AccessMode); +} +FileFd::FileFd(std::string FileName,unsigned int const Mode, CompressMode Compress, unsigned long AccessMode) : iFd(-1), Flags(0), d(NULL) +{ + Open(FileName,Mode, Compress, AccessMode); +} +FileFd::FileFd() : iFd(-1), Flags(AutoClose), d(NULL) {} +FileFd::FileFd(int const Fd, unsigned int const Mode, CompressMode Compress) : iFd(-1), Flags(0), d(NULL) +{ + OpenDescriptor(Fd, Mode, Compress); +} +FileFd::FileFd(int const Fd, bool const AutoClose) : iFd(-1), Flags(0), d(NULL) +{ + OpenDescriptor(Fd, ReadWrite, None, AutoClose); +} + /*}}}*/ // FileFd::Open - Open a file /*{{{*/ // --------------------------------------------------------------------- /* The most commonly used open mode combinations are given with Mode */ -- cgit v1.2.3 From c9443c01208377f0cba9706412ea3a98ad97b56d Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 20 Jul 2015 10:17:29 +0200 Subject: elimate duplicated code in pkgIndexFile subclasses Trade deduplication of code for a bunch of new virtuals, so it is actually visible how the different indexes behave cleaning up the interface at large in the process. Git-Dch: Ignore --- apt-pkg/contrib/fileutl.cc | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'apt-pkg/contrib/fileutl.cc') diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index f40526b5c..3b2e06431 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -2115,28 +2115,27 @@ std::string GetTempDir() /*{{{*/ return string(tmpdir); } /*}}}*/ -FileFd* GetTempFile(std::string const &Prefix, bool ImmediateUnlink) /*{{{*/ +FileFd* GetTempFile(std::string const &Prefix, bool ImmediateUnlink, FileFd * const TmpFd) /*{{{*/ { char fn[512]; - FileFd *Fd = new FileFd(); + FileFd * const Fd = TmpFd == NULL ? new FileFd() : TmpFd; - std::string tempdir = GetTempDir(); - snprintf(fn, sizeof(fn), "%s/%s.XXXXXX", + std::string const tempdir = GetTempDir(); + snprintf(fn, sizeof(fn), "%s/%s.XXXXXX", tempdir.c_str(), Prefix.c_str()); - int fd = mkstemp(fn); + int const fd = mkstemp(fn); if(ImmediateUnlink) unlink(fn); - if (fd < 0) + if (fd < 0) { _error->Errno("GetTempFile",_("Unable to mkstemp %s"), fn); return NULL; } - if (!Fd->OpenDescriptor(fd, FileFd::WriteOnly, FileFd::None, true)) + if (!Fd->OpenDescriptor(fd, FileFd::ReadWrite, FileFd::None, true)) { _error->Errno("GetTempFile",_("Unable to write to %s"),fn); return NULL; } - return Fd; } /*}}}*/ -- cgit v1.2.3 From be4d908fb5d56f8a331bb88e878a6fb8d82a77a6 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Mon, 25 May 2015 16:45:05 +0200 Subject: ExecFork: Use /proc/self/fd to determine which files to close This significantly reduces the number of files that have to be closed and seems to be faster, despite the additional reads. On systems where /proc/self/fd is not available, we fallback to the old code that closes all file descriptors >= 3. Closes: #764204 --- apt-pkg/contrib/fileutl.cc | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) (limited to 'apt-pkg/contrib/fileutl.cc') diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index 3b2e06431..4cc8112af 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -800,12 +800,26 @@ pid_t ExecFork(std::set KeepFDs) signal(SIGCONT,SIG_DFL); signal(SIGTSTP,SIG_DFL); - long ScOpenMax = sysconf(_SC_OPEN_MAX); - // Close all of our FDs - just in case - for (int K = 3; K != ScOpenMax; K++) + DIR *dir = opendir("/proc/self/fd"); + if (dir != NULL) { - if(KeepFDs.find(K) == KeepFDs.end()) - fcntl(K,F_SETFD,FD_CLOEXEC); + struct dirent *ent; + while ((ent = readdir(dir))) + { + int fd = atoi(ent->d_name); + // If fd > 0, it was a fd number and not . or .. + if (fd >= 3 && KeepFDs.find(fd) == KeepFDs.end()) + fcntl(fd,F_SETFD,FD_CLOEXEC); + } + closedir(dir); + } else { + long ScOpenMax = sysconf(_SC_OPEN_MAX); + // Close all of our FDs - just in case + for (int K = 3; K != ScOpenMax; K++) + { + if(KeepFDs.find(K) == KeepFDs.end()) + fcntl(K,F_SETFD,FD_CLOEXEC); + } } } -- cgit v1.2.3 From 98cc7fd2c1d397623960baf69ae3cec04a87a23e Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Thu, 13 Aug 2015 11:28:32 +0200 Subject: Deprecate SPtrArray and convert everyone to unique_ptr More standardization --- apt-pkg/contrib/fileutl.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'apt-pkg/contrib/fileutl.cc') diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index 4cc8112af..a6af27b00 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -52,6 +52,7 @@ #include #include +#include #ifdef HAVE_ZLIB #include @@ -159,7 +160,7 @@ bool CopyFile(FileFd &From,FileFd &To) return false; // Buffered copy between fds - SPtrArray Buf = new unsigned char[64000]; + std::unique_ptr Buf(new unsigned char[64000]); unsigned long long Size = From.Size(); while (Size != 0) { @@ -167,8 +168,8 @@ bool CopyFile(FileFd &From,FileFd &To) if (Size > 64000) ToRead = 64000; - if (From.Read(Buf,ToRead) == false || - To.Write(Buf,ToRead) == false) + if (From.Read(Buf.get(),ToRead) == false || + To.Write(Buf.get(),ToRead) == false) return false; Size -= ToRead; -- cgit v1.2.3 From 5a3264396f9b167fa99fb6e375ae8b978d829a39 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Wed, 24 Sep 2014 22:18:16 +0200 Subject: Use setresuid() and setresgid() where available --- apt-pkg/contrib/fileutl.cc | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) (limited to 'apt-pkg/contrib/fileutl.cc') diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index a6af27b00..1be782bac 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -2252,22 +2252,32 @@ bool DropPrivileges() /*{{{*/ return _error->Error("No user %s, can not drop rights", toUser.c_str()); // Do not change the order here, it might break things + // Get rid of all our supplementary groups first if (setgroups(1, &pw->pw_gid)) return _error->Errno("setgroups", "Failed to setgroups"); + // Now change the group ids to the new user +#ifdef HAVE_SETRESGID + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) + return _error->Errno("setresgid", "Failed to set new group ids"); +#else if (setegid(pw->pw_gid) != 0) return _error->Errno("setegid", "Failed to setegid"); if (setgid(pw->pw_gid) != 0) return _error->Errno("setgid", "Failed to setgid"); +#endif + // Change the user ids to the new user +#ifdef HAVE_SETRESUID + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) + return _error->Errno("setresuid", "Failed to set new user ids"); +#else if (setuid(pw->pw_uid) != 0) return _error->Errno("setuid", "Failed to setuid"); - - // the seteuid() is probably uneeded (at least thats what the linux - // man-page says about setuid(2)) but we cargo culted it anyway if (seteuid(pw->pw_uid) != 0) return _error->Errno("seteuid", "Failed to seteuid"); +#endif // Verify that the user has only a single group, and the correct one gid_t groups[1]; -- cgit v1.2.3