X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/864a3375f7bf0b3772f4f2ae212b802f6cab5ff9..5f6c6c6e085bcba021a29d88859e70b1e03ff153:/apt-pkg/contrib/fileutl.cc diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc index 02b30dc1f..6b8f04dea 100644 --- a/apt-pkg/contrib/fileutl.cc +++ b/apt-pkg/contrib/fileutl.cc @@ -47,6 +47,7 @@ #include #include #include +#include #include #include @@ -1278,7 +1279,8 @@ bool FileFd::OpenInternDescriptor(unsigned int const Mode, APT::Configuration::C if (d->lzma == NULL) d->lzma = new FileFdPrivate::LZMAFILE; d->lzma->file = (FILE*) compress_struct; - d->lzma->stream = LZMA_STREAM_INIT; + lzma_stream tmp_stream = LZMA_STREAM_INIT; + d->lzma->stream = tmp_stream; if ((Mode & ReadWrite) == ReadWrite) return FileFdError("ReadWrite mode is not supported for file %s", FileName.c_str()); @@ -1834,7 +1836,8 @@ static bool StatFileFd(char const * const msg, int const iFd, std::string const // higher-level code will generate more meaningful messages, // even translated this would be meaningless for users return _error->Errno("fstat", "Unable to determine %s for fd %i", msg, iFd); - ispipe = S_ISFIFO(Buf.st_mode); + if (FileName.empty() == false) + ispipe = S_ISFIFO(Buf.st_mode); } // for compressor pipes st_size is undefined and at 'best' zero @@ -2164,3 +2167,20 @@ bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode) return true; } + +bool DropPrivs() +{ + if (getuid() != 0) + return true; + + const std::string nobody = _config->Find("APT::User::Nobody", "nobody"); + struct passwd *pw = getpwnam(nobody.c_str()); + if (pw == NULL) + return _error->Warning("No user %s, can not drop rights", nobody.c_str()); + if (setgid(pw->pw_gid) != 0) + return _error->Errno("setgid", "Failed to setgid"); + if (setuid(pw->pw_uid) != 0) + return _error->Errno("setuid", "Failed to setuid"); + + return true; +}