drop privileges in file:// method as we do for decompressors

We drop it in decompressors, which are the natural next step, so if an
archive is used which isn't worldreadable (= not accessible by _apt) it
doesn't work anyway, so we just fail a bit earlier now and avoid all the
bad things which can happen over file (which could very well still be a
network resourc via NFS mounts or similar stuff, so hardly as safe as
the name might suggest at first).

diff --git a/methods/file.cc b/methods/file.cc
index 40e85bce5a464d7fafa1014bfeba8a242cc3aa47..b689de6195c543276987fe7d84ca9e90209bb71a 100644 (file)
--- a/methods/file.cc
+++ b/methods/file.cc
@@ -31,11 +31,21 @@
 class FileMethod : public pkgAcqMethod
 {
    virtual bool Fetch(FetchItem *Itm) APT_OVERRIDE;
-   
+   virtual bool Configuration(std::string Message) APT_OVERRIDE;
+
    public:
-   
+
    FileMethod() : pkgAcqMethod("1.0",SingleInstance | SendConfig | LocalOnly) {};
 };
+bool FileMethod::Configuration(std::string Message)
+{
+   if (pkgAcqMethod::Configuration(Message) == false)
+      return false;
+
+   DropPrivsOrDie();
+
+   return true;
+}
 
 // FileMethod::Fetch - Fetch a file                                    /*{{{*/
 // ---------------------------------------------------------------------