From 460601d53039b1d1b5688a8cd58bae10fb746f57 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Wed, 15 Oct 2014 02:43:44 +0200 Subject: don't drop privileges if _apt has not enough rights MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Privilege dropping breaks download/source/changelog commands as they require the _apt user to have write permissions in the current directory, which is e.g. the case in /tmp, but not in /root, so we disable the privilege dropping if we deal with such a directory based on idea and code by Michael Vogt. The alternative would be to download always to a temp directory and move it then done, but this breaks partial file support. To resolve this, we could move to one of our partial/ directories, but this would require a lock which would block root from using two of these commands in parallel. As both seems unacceptable we instead let the user choose what to do: Either a directory is setupped for _apt, downloading as root is accepted or – which is potentially even better – an unprivileged user is used for the commands. --- cmdline/apt-helper.cc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'cmdline/apt-helper.cc') diff --git a/cmdline/apt-helper.cc b/cmdline/apt-helper.cc index c240008aa..27abb2013 100644 --- a/cmdline/apt-helper.cc +++ b/cmdline/apt-helper.cc @@ -59,7 +59,10 @@ static bool DoDownloadFile(CommandLine &CmdL) // we use download_uri as descr and targetfile as short-descr new pkgAcqFile(&Fetcher, download_uri, hash, 0, download_uri, targetfile, "dest-dir-ignored", targetfile); - Fetcher.Run(); + + // Disable drop-privs if "_apt" can not write to the target dir + CheckDropPrivsMustBeDisabled(Fetcher); + bool Failed = false; if (AcquireRun(Fetcher, 0, &Failed, NULL) == false || Failed == true || FileExists(targetfile) == false) -- cgit v1.2.3