test if TMPDIR is accessible before using

Private temporary directories as created by e.g. libpam-tmpdir are nice,
but they are also very effective in preventing our priviledge dropping
to work as TMPDIR will be set to a directory only root has access to, so
working with it as _apt will fail. We circumvent this by extending our
check for a usable TMPDIR setting by checking access rights.

Closes: 765951

diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index c51eee737ca660116f750aa3d2b808c2281fb361..47033eadff01d0f6edac3a912122aa496badb3f1 100644 (file)
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -2066,9 +2066,11 @@ std::string GetTempDir()                                         /*{{{*/
       tmpdir = P_tmpdir;
 #endif
 
-   // check that tmpdir is set and exists
    struct stat st;
-   if (!tmpdir || strlen(tmpdir) == 0 || stat(tmpdir, &st) != 0)
+   if (!tmpdir || strlen(tmpdir) == 0 || // tmpdir is set
+        stat(tmpdir, &st) != 0 || (st.st_mode & S_IFDIR) == 0 || // exists and is directory
+        access(tmpdir, R_OK | W_OK | X_OK) != 0 // current user has rwx access to directory
+      )
       tmpdir = "/tmp";
 
    return string(tmpdir);

diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index 7a3852ee89584472382b78c1f5299dde284f5230..cf0b9a96f75960081d8a8bc2afb8dc5d08a2bca0 100644 (file)
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -384,8 +384,12 @@ if [ "$command" != "help" ]; then
 
     # gpg needs (in different versions more or less) files to function correctly,
     # so we give it its own homedir and generate some valid content for it
-    if [ ! -d "$TMPDIR" ]; then
-        unset TMPDIR
+    if [ -n "$TMPDIR" ]; then
+       # tmpdir is a directory and current user has rwx access to it
+       # same tests as in apt-pkg/contrib/fileutl.cc GetTempDir()
+       if [ ! -d "$TMPDIR" ] || [ ! -r "$TMPDIR" ] || [ ! -w "$TMPDIR" ] || [ ! -x "$TMPDIR" ]; then
+         unset TMPDIR
+       fi
     fi
     GPGHOMEDIR="$(mktemp -d)"
     CURRENTTRAP="${CURRENTTRAP} rm -rf '${GPGHOMEDIR}';"

diff --git a/test/integration/framework b/test/integration/framework
index 9ce300d55a56591b943b6cfd63ade4b24ac78072..d576712e511f047443353db2101d347625ec396a 100644 (file)
--- a/test/integration/framework
+++ b/test/integration/framework
@@ -176,6 +176,10 @@ addtrap() {
 }
 
 setupenvironment() {
+       # privilege dropping and testing doesn't work if /tmp isn't world-writeable (as e.g. with libpam-tmpdir)
+       if [ -n "$TMPDIR" ] && [ "$(id -u)" = '0' ] && [ "$(stat --format '%a' "$TMPDIR")" != '1777' ]; then
+               unset TMPDIR
+       fi
        TMPWORKINGDIRECTORY=$(mktemp -d)
        addtrap "cd /; rm -rf $TMPWORKINGDIRECTORY;"
        msgninfo "Preparing environment for ${CCMD}$(basename $0)${CINFO} in ${TMPWORKINGDIRECTORY}… "

diff --git a/test/integration/test-bug-604401-files-are-directories b/test/integration/test-bug-604401-files-are-directories
index e6913edcffe5505242aa59929da51ad3ebf4fa96..fe0ccc7837e04fbb12fd7b8d41a4235a2bf7ee3d 100755 (executable)
--- a/test/integration/test-bug-604401-files-are-directories
+++ b/test/integration/test-bug-604401-files-are-directories
@@ -57,7 +57,7 @@ echo 'Package: apt
 Pin: release a=now
 Pin-Value: 1000' > rootdir/etc/apt/good-link.pref
 ln -s rootdir/etc/apt/good-link.pref rootdir/etc/apt/preferences
-test -n "$(aptcache policy | grep 1000)" && msgfail || msgpass
+test -n "$(aptcache policy | grep '1000 ')" && msgfail || msgpass
 rm rootdir/etc/apt/preferences
 
 msgtest "Broken link instead of a file as preferences ignored"

diff --git a/test/libapt/fileutl_test.cc b/test/libapt/fileutl_test.cc
index cdf7ea479a75bf276ce3f58237c4fa859d464b30..8d47c5098bdda0f91a19aa018d03225c493d60bc 100644 (file)
--- a/test/libapt/fileutl_test.cc
+++ b/test/libapt/fileutl_test.cc
@@ -217,8 +217,16 @@ TEST(FileUtlTest, GetTempDir)
    setenv("TMPDIR", "/not-there-no-really-not", 1);
    EXPECT_EQ("/tmp", GetTempDir());
 
+   // here but not accessible for non-roots
    setenv("TMPDIR", "/usr", 1);
-   EXPECT_EQ("/usr", GetTempDir());
+   EXPECT_EQ("/tmp", GetTempDir());
+
+   // files are no good for tmpdirs, too
+   setenv("TMPDIR", "/dev/null", 1);
+   EXPECT_EQ("/tmp", GetTempDir());
+
+   setenv("TMPDIR", "/var/tmp", 1);
+   EXPECT_EQ("/var/tmp", GetTempDir());
 
    unsetenv("TMPDIR");
    if (old_tmpdir.empty() == false)