diff options
author | David Kalnischkies <david@kalnischkies.de> | 2018-01-05 23:47:45 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2018-02-19 15:56:09 +0100 |
commit | d90eb8132961aa481b94e63246a0ed23fc36d182 (patch) | |
tree | b7bedb928d7cc5578ad2dbb2543f97cd7fec9e53 /methods | |
parent | 887e331abb6ac0a850e5d53de55f43c9ebdee5a2 (diff) |
use a more standard approach to disable security for cdrom method
It is sad that we can't wrap the cdrom method tighter at the moment, but
due to its ability to mount drives into arbitrary places via an external
suid binary we can't really do a lot better at the moment.
What we can do is set the options in the configuration space through as
it is standard in the other methods instead of doing it in main() which
is assumed to be more boilerplatey than actually doing something.
Gbp-Dch: Ignore
Diffstat (limited to 'methods')
-rw-r--r-- | methods/cdrom.cc | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/methods/cdrom.cc b/methods/cdrom.cc index 8b7587fe5..3900e3e64 100644 --- a/methods/cdrom.cc +++ b/methods/cdrom.cc @@ -46,7 +46,8 @@ class CDROMMethod : public aptMethod virtual bool Fetch(FetchItem *Itm) APT_OVERRIDE; string GetID(string Name); virtual void Exit() APT_OVERRIDE; - + virtual bool Configuration(std::string Message) APT_OVERRIDE; + public: CDROMMethod(); @@ -277,9 +278,14 @@ bool CDROMMethod::Fetch(FetchItem *Itm) return true; } /*}}}*/ +bool CDROMMethod::Configuration(std::string Message) /*{{{*/ +{ + _config->CndSet("Binary::cdrom::Debug::NoDropPrivs", true); + return aptMethod::Configuration(Message); +} + /*}}}*/ int main() { - _config->CndSet("Binary::cdrom::Debug::NoDropPrivs", true); return CDROMMethod().Run(); } |