diff options
author | David Kalnischkies <david@kalnischkies.de> | 2016-06-08 13:44:29 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2016-06-08 17:27:19 +0200 |
commit | 007d8b488787f4c33ced5937f22f99f1b759088a (patch) | |
tree | ee6d42146b4bc01b84c947e7755888a4dd1a1b45 /cmdline | |
parent | 3a487cc03dec3488d0fa3008d04747bb1b4b0baf (diff) |
edsp: drop privileges before executing solvers
Most (if not all) solvers should be able to run perfectly fine without
root privileges as they get the entire state they are supposed to work
on via stdin and do not perform any action directly, but just pass
suggestions on via stdout.
The new default is to run them all as _apt hence, but each solver can
configure another user if it chooses/must. The security benefits are
minimal at best, but it helps preventing silly mistakes (see
35f3ed061f10a25a3fb28bc988fddbb976344c4d) and that is always good.
Note that our 'apt' and 'dump' solver already dropped privileges if they
had them.
Diffstat (limited to 'cmdline')
-rw-r--r-- | cmdline/apt-dump-solver.cc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/cmdline/apt-dump-solver.cc b/cmdline/apt-dump-solver.cc index c6d98cd97..e94021fcf 100644 --- a/cmdline/apt-dump-solver.cc +++ b/cmdline/apt-dump-solver.cc @@ -107,6 +107,8 @@ int main(int argc,const char *argv[]) /*{{{*/ Solver = ExecFork(); if (Solver == 0) { + _config->Set("APT::Sandbox::User", _config->Find("APT::Solver::RunAsUser", _config->Find("APT::Sandbox::User"))); + DropPrivileges(); dup2(external[0], STDIN_FILENO); execv(CmdL.FileList[1], const_cast<char**>(CmdL.FileList + 1)); std::cerr << "Failed to execute '" << CmdL.FileList[1] << "'!" << std::endl; |