Browse Source

DropPrivs in the solvers (just to be on the safe side)

debian/1.8.y
Michael Vogt 8 years ago
parent
commit
fc1a78d8e9
  1. 17
      apt-pkg/contrib/fileutl.cc
  2. 3
      apt-pkg/contrib/fileutl.h
  3. 2
      cmdline/apt-dump-solver.cc
  4. 3
      cmdline/apt-internal-solver.cc

17
apt-pkg/contrib/fileutl.cc

@ -47,6 +47,7 @@
#include <signal.h>
#include <errno.h>
#include <glob.h>
#include <pwd.h>
#include <set>
#include <algorithm>
@ -2050,3 +2051,19 @@ bool Rename(std::string From, std::string To)
}
return true;
}
bool DropPrivs()
{
if (getuid() != 0)
return true;
const std::string nobody = _config->Find("APT::User::Nobody", "nobody");
struct passwd *pw = getpwnam(nobody.c_str());
if (pw == NULL)
return _error->Warning("No user %s, can not drop rights", nobody.c_str());
if (setgid(pw->pw_gid) != 0)
return _error->Errno("setgid", "Failed to setgid");
if (setuid(pw->pw_uid) != 0)
return _error->Errno("setuid", "Failed to setuid");
return true;
}

3
apt-pkg/contrib/fileutl.h

@ -191,6 +191,9 @@ pid_t ExecFork(std::set<int> keep_fds);
void MergeKeepFdsFromConfiguration(std::set<int> &keep_fds);
bool ExecWait(pid_t Pid,const char *Name,bool Reap = false);
// process releated
bool DropPrivs();
// File string manipulators
std::string flNotDir(std::string File);
std::string flNotFile(std::string File);

2
cmdline/apt-dump-solver.cc

@ -40,6 +40,8 @@ int main(int argc,const char *argv[]) /*{{{*/
ShowHelp();
return 0;
}
// we really don't need anything
DropPrivs();
FILE* input = fdopen(STDIN_FILENO, "r");
FILE* output = fopen("/tmp/dump.edsp", "w");

3
cmdline/apt-internal-solver.cc

@ -74,6 +74,9 @@ int main(int argc,const char *argv[]) /*{{{*/
{'o',"option",0,CommandLine::ArbItem},
{0,0,0,0}};
// we really don't need anything
DropPrivs();
CommandLine CmdL(Args,_config);
if (pkgInitConfig(*_config) == false ||
CmdL.Parse(argc,argv) == false) {

Loading…
Cancel
Save