authorDavid Kalnischkies <david@kalnischkies.de>2015-08-31 11:00:12 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2015-08-31 11:00:12 +0200
commit7c8206bf26b8ef6020b543bbc027305dee8f2308 (patch)
tree0a2df6cb2f5979735a9532ea61e11fa2207793f4 /apt-private
parentdd6da7d2392e2ad35c444ebc2d7bc2308380530c (diff)
if file is inaccessible for _apt, disable privilege drop in acquire
We had a very similar method previously for our own private usage, but with some generalisation we can move this check into the acquire system proper so that all frontends profit from this compatibility change. As we are disabling a security feature here, a warning is issued and frontends are advised to consider reworking their download logic if possible. Note that this is implemented as an all-or-nothing situation: we can't drop privileges for only a subset of the files in a fetcher, so if you have to download some files with dropped privileges and some without, you need to use two fetchers.
Diffstat (limited to 'apt-private')
-rw-r--r--apt-private/private-download.cc49
-rw-r--r--apt-private/private-download.h2
2 files changed, 0 insertions, 51 deletions
diff --git a/apt-private/private-download.cc b/apt-private/private-download.cc
index 18a9b1fbc..8a57ccc86 100644
--- a/apt-private/private-download.cc
+++ b/apt-private/private-download.cc
@@ -26,55 +26,6 @@
#include <apti18n.h>
/*}}}*/
-bool CheckDropPrivsMustBeDisabled(pkgAcquire &Fetcher) /*{{{*/
-{
- // no need/possibility to drop privs
- if(getuid() != 0)
- return true;
-
- // the user does not want to drop privs
- std::string SandboxUser = _config->Find("APT::Sandbox::User");
- if (SandboxUser.empty())
- return true;
-
- struct passwd const * const pw = getpwnam(SandboxUser.c_str());
- if (pw == NULL)
- return true;
-
- if (seteuid(pw->pw_uid) != 0)
- return _error->Errno("seteuid", "seteuid %u failed", pw->pw_uid);
-
- bool res = true;
- // check if we can write to destfile
- for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin();
- I != Fetcher.ItemsEnd() && res == true; ++I)
- {
- if ((*I)->DestFile.empty())
- continue;
- // we assume that an existing (partial) file means that we have sufficient rights
- if (RealFileExists((*I)->DestFile))
- continue;
- int fd = open((*I)->DestFile.c_str(), O_CREAT | O_EXCL | O_RDWR, 0600);
- if (fd < 0)
- {
- res = false;
- std::string msg;
- strprintf(msg, _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."),
- (*I)->DestFile.c_str(), SandboxUser.c_str());
- std::cerr << "W: " << msg << std::endl;
- _config->Set("APT::Sandbox::User", "");
- break;
- }
- unlink((*I)->DestFile.c_str());
- close(fd);
- }
-
- if (seteuid(0) != 0)
- return _error->Errno("seteuid", "seteuid %u failed", 0);
-
- return res;
-}
- /*}}}*/
// CheckAuth - check if each download comes form a trusted source /*{{{*/
bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
{
diff --git a/apt-private/private-download.h b/apt-private/private-download.h
index 0f3db5e7a..80643e0f2 100644
--- a/apt-private/private-download.h
+++ b/apt-private/private-download.h
@@ -8,8 +8,6 @@
class pkgAcquire;
-APT_PUBLIC bool CheckDropPrivsMustBeDisabled(pkgAcquire &Fetcher);
-
// Check if all files in the fetcher are authenticated
APT_PUBLIC bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser);