From e250df1a623fd08f8a5afe2d94bd29a35e872725 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Tue, 21 Mar 2017 09:27:25 +0100 Subject: Show permission error if ProxyAutoDetect cmd can't be executed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As the proxy commands are not executed as root, a user can run into permission errors (s)he isn't expecting – as our switching is an implementation detail – so the error message in that case should really be better than a generic "error code 100" sending the user in the wrong direction as that implies the command was executed, but errored out. Closes: 857885 --- apt-pkg/contrib/proxy.cc | 6 +++++- test/integration/test-apt-helper | 2 ++ test/integration/test-bug-717891-abolute-uris-for-proxies | 5 +++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/apt-pkg/contrib/proxy.cc b/apt-pkg/contrib/proxy.cc index 1b7a92c68..a26ab4fbc 100644 --- a/apt-pkg/contrib/proxy.cc +++ b/apt-pkg/contrib/proxy.cc @@ -13,7 +13,8 @@ #include #include -#include +#include +#include #include "proxy.h" /*}}}*/ @@ -41,6 +42,9 @@ bool AutoDetectProxy(URI &URL) if (Debug) std::clog << "Using auto proxy detect command: " << AutoDetectProxyCmd << std::endl; + if (faccessat(AT_FDCWD, AutoDetectProxyCmd.c_str(), R_OK | X_OK, AT_EACCESS) != 0) + return _error->Errno("access", "ProxyAutoDetect command '%s' can not be executed!", AutoDetectProxyCmd.c_str()); + std::string const urlstring = URL; std::vector Args; Args.push_back(AutoDetectProxyCmd.c_str()); diff --git a/test/integration/test-apt-helper b/test/integration/test-apt-helper index a936243ec..fda28968f 100755 --- a/test/integration/test-apt-helper +++ b/test/integration/test-apt-helper @@ -94,6 +94,8 @@ test_apt_helper_detect_proxy() { W: ProxyAutoDetect command returned an empty line" apthelper auto-detect-proxy http://example.com/ setupproxydetect 'http' 'echo DIRECT' testsuccessequal "Using proxy 'DIRECT' for URL 'http://example.com/'" apthelper auto-detect-proxy http://example.com/ + chmod -x "${TMPWORKINGDIRECTORY}/apt-proxy-detect" + testfailureequal "E: ProxyAutoDetect command '${TMPWORKINGDIRECTORY}/apt-proxy-detect' can not be executed! - access (13: Permission denied)" apthelper auto-detect-proxy http://example.com/ msgmsg "apt-helper $CONFNAME" 'http proxy' setupproxydetect 'http' 'echo "http://some-proxy"' diff --git a/test/integration/test-bug-717891-abolute-uris-for-proxies b/test/integration/test-bug-717891-abolute-uris-for-proxies index 323322283..5f1b7546c 100755 --- a/test/integration/test-bug-717891-abolute-uris-for-proxies +++ b/test/integration/test-bug-717891-abolute-uris-for-proxies @@ -46,3 +46,8 @@ The following NEW packages will be installed: 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Inst unrelated (0.5~squeeze1 unstable [all]) Conf unrelated (0.5~squeeze1 unstable [all])' aptget install unrelated -s + +chmod 444 "${TMPWORKINGDIRECTORY}/apt-proxy-detect" +msgtest 'Check that non-executable proxy commands result in' 'permission error' +testfailure --nomsg aptget update +testsuccess grep 'can not be executed' rootdir/tmp/testfailure.output -- cgit v1.2.3-70-g09d2