X-Git-Url: https://git.saurik.com/apt.git/blobdiff_plain/f8aba23f2e8a4c52869cd3869a716df28267597a..68ba0b7f4e1c03edfb6f621e7e7314ea610af96b:/apt-pkg/contrib/fileutl.cc

diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index 86eec7c36..f6351b7b5 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -1521,7 +1521,7 @@ bool FileFd::Read(void *To,unsigned long long Size,unsigned long long *Actual)
 	    int err;
 	    char const * const errmsg = BZ2_bzerror(d->bz2, &err);
 	    if (err != BZ_IO_ERROR)
-	       return FileFdError("BZ2_bzread: %s (%d: %s)", _("Read error"), err, errmsg);
+	       return FileFdError("BZ2_bzread: %s %s (%d: %s)", FileName.c_str(), _("Read error"), err, errmsg);
 	 }
 #endif
 #ifdef HAVE_LZMA
@@ -2165,27 +2165,37 @@ bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode)/
 									/*}}}*/
 bool DropPrivileges()							/*{{{*/
 {
-   // uid will be 0 in the end, but gid might be different anyway
-   uid_t old_uid = getuid();
-   gid_t old_gid = getgid();
-
-   if (old_uid != 0)
-      return true;
    if(_config->FindB("Debug::NoDropPrivs", false) == true)
       return true;
 
-   const std::string toUser = _config->Find("APT::Sandbox::User", "_apt");
-   struct passwd *pw = getpwnam(toUser.c_str());
-   if (pw == NULL)
-      return _error->Error("No user %s, can not drop rights", toUser.c_str());
+   // empty setting disables DropPrivilidges - this also ensures
+   // backward compatibility, see bug #764506
+   const std::string toUser = _config->Find("APT::Sandbox::User");
+   if (toUser.empty())
+      return true;
 
 #if __gnu_linux__
-   // see prctl(2), needs linux3.5
-   int ret = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+#if defined(PR_SET_NO_NEW_PRIVS) && ( PR_SET_NO_NEW_PRIVS != 38 )
+#error "PR_SET_NO_NEW_PRIVS is defined, but with a different value than expected!"
+#endif
+   // see prctl(2), needs linux3.5 at runtime - magic constant to avoid it at buildtime
+   int ret = prctl(38, 1, 0, 0, 0);
    // ignore EINVAL - kernel is too old to understand the option
    if(ret < 0 && errno != EINVAL)
       _error->Warning("PR_SET_NO_NEW_PRIVS failed with %i", ret);
 #endif
+
+   // uid will be 0 in the end, but gid might be different anyway
+   uid_t const old_uid = getuid();
+   gid_t const old_gid = getgid();
+
+   if (old_uid != 0)
+      return true;
+
+   struct passwd *pw = getpwnam(toUser.c_str());
+   if (pw == NULL)
+      return _error->Error("No user %s, can not drop rights", toUser.c_str());
+
    // Do not change the order here, it might break things
    if (setgroups(1, &pw->pw_gid))
       return _error->Errno("setgroups", "Failed to setgroups");