From 7c8206bf26b8ef6020b543bbc027305dee8f2308 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Mon, 31 Aug 2015 11:00:12 +0200
Subject: if file is inaccessible for _apt, disable privilege drop in acquire

We had a very similar method previously for our own private usage, but
with some generalisation we can move this check into the acquire system
proper so that all frontends profit from this compatibility change.

As we are disabling a security feature here a warning is issued and
frontends are advised to consider reworking their download logic if
possible.

Note that this is implemented as an all or nothing situation: We can't
just (not) drop privileges for a subset of the files in a fetcher, so in
case you have to download some files with and some without you need to
use two fetchers.
---
 cmdline/apt-helper.cc | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'cmdline/apt-helper.cc')

diff --git a/cmdline/apt-helper.cc b/cmdline/apt-helper.cc
index d235ac315..3c49bf149 100644
--- a/cmdline/apt-helper.cc
+++ b/cmdline/apt-helper.cc
@@ -68,9 +68,6 @@ static bool DoDownloadFile(CommandLine &CmdL)
       fileind += 3;
    }
 
-   // Disable drop-privs if "_apt" can not write to the target dir
-   CheckDropPrivsMustBeDisabled(Fetcher);
-
    bool Failed = false;
    if (AcquireRun(Fetcher, 0, &Failed, NULL) == false || Failed == true)
       return _error->Error(_("Download Failed"));
-- 
cgit v1.2.3