fix Configuration::FindVector API

[apt.git] / apt-pkg / contrib / fileutl.cc

diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index 7ccaaa03faa813831cef4947156978a5d80c1dc4..df409fa36b54e21eeebc1eeef0bb6f51e2b7cb8f 100644 (file)
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -896,7 +896,7 @@ class FileFdPrivate {                                                       /*{{{*/
           bool eof;
           bool compressing;
 
-          LZMAFILE() : file(NULL), eof(false), compressing(false) {}
+          LZMAFILE() : file(NULL), eof(false), compressing(false) { buffer[0] = '\0'; }
           ~LZMAFILE() {
              if (compressing == true)
              {
@@ -2126,10 +2126,8 @@ bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode)
 
    int Pipe[2] = {-1, -1};
    if(pipe(Pipe) != 0)
-   {
       return _error->Errno("pipe", _("Failed to create subprocess IPC"));
-      return NULL;
-   }
+
    std::set<int> keep_fds;
    keep_fds.insert(Pipe[0]);
    keep_fds.insert(Pipe[1]);
@@ -2184,10 +2182,10 @@ bool DropPrivs()
    if(_config->FindB("Debug::NoDropPrivs", false) == true)
       return true;
 
-   const std::string nobody = _config->Find("APT::User::Nobody", "_apt");
-   struct passwd *pw = getpwnam(nobody.c_str());
+   const std::string toUser = _config->Find("APT::Sandbox::User", "_apt");
+   struct passwd *pw = getpwnam(toUser.c_str());
    if (pw == NULL)
-      return _error->Warning("No user %s, can not drop rights", nobody.c_str());
+      return _error->Error("No user %s, can not drop rights", toUser.c_str());
 
 #if __gnu_linux__
    // see prctl(2), needs linux3.5
@@ -2213,13 +2211,6 @@ bool DropPrivs()
    if (seteuid(pw->pw_uid) != 0)
       return _error->Errno("seteuid", "Failed to seteuid");
 
-   // Check that uid and gid changes do not work anymore
-   if (pw->pw_gid != old_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1))
-      return _error->Error("Could restore a gid to root, privilege dropping did not work");
-
-   if (pw->pw_uid != old_uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
-      return _error->Error("Could restore a uid to root, privilege dropping did not work");
-
    // Verify that the user has only a single group, and the correct one
    gid_t groups[1];
    if (getgroups(1, groups) != 1)
@@ -2238,6 +2229,7 @@ bool DropPrivs()
       return _error->Error("Could not switch effective user");
 
 #ifdef HAVE_GETRESUID
+   // verify that the saved set-user-id was changed as well
    uid_t ruid = 0;
    uid_t euid = 0;
    uid_t suid = 0;
@@ -2248,6 +2240,7 @@ bool DropPrivs()
 #endif
 
 #ifdef HAVE_GETRESGID
+   // verify that the saved set-group-id was changed as well
    gid_t rgid = 0;
    gid_t egid = 0;
    gid_t sgid = 0;
@@ -2257,5 +2250,12 @@ bool DropPrivs()
       return _error->Error("Could not switch saved set-group-ID");
 #endif
 
+   // Check that uid and gid changes do not work anymore
+   if (pw->pw_gid != old_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1))
+      return _error->Error("Could restore a gid to root, privilege dropping did not work");
+
+   if (pw->pw_uid != old_uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
+      return _error->Error("Could restore a uid to root, privilege dropping did not work");
+
    return true;
 }