Merge remote-tracking branch 'mvo/feature/drop-rights' into debian/experimental

author Michael Vogt <mvo@debian.org>

Wed, 18 Jun 2014 08:47:19 +0000 (10:47 +0200)

committer Michael Vogt <mvo@debian.org>

Wed, 18 Jun 2014 08:47:57 +0000 (10:47 +0200)
author Michael Vogt <mvo@debian.org>
Wed, 18 Jun 2014 08:47:19 +0000 (10:47 +0200)
committer Michael Vogt <mvo@debian.org>
Wed, 18 Jun 2014 08:47:57 +0000 (10:47 +0200)
diff --cc apt-pkg/contrib/fileutl.cc

index 29450ada05adb2fe4d0f3a4734726d2fcba5dfd7,da81edbcc9e54413eec1722dc993dd2f153681ae..6b8f04dea1519f5206f6385f551dc92cf0764d81
--- 1/apt-pkg/contrib/fileutl.cc
--- 2/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@@ -2112,57 -2052,18 +2113,74 @@@ bool Rename(std::string From, std::stri
      return true;
   }
   
+ +bool Popen(const char* Args[], FileFd &Fd, pid_t &Child, FileFd::OpenMode Mode)
+ +{
+ +   int fd;
+ +   if (Mode != FileFd::ReadOnly && Mode != FileFd::WriteOnly)
+ +      return _error->Error("Popen supports ReadOnly (x)or WriteOnly mode only");
+ +
+ +   int Pipe[2] = {-1, -1};
+ +   if(pipe(Pipe) != 0)
+ +   {
+ +      return _error->Errno("pipe", _("Failed to create subprocess IPC"));
+ +      return NULL;
+ +   }
+ +   std::set<int> keep_fds;
+ +   keep_fds.insert(Pipe[0]);
+ +   keep_fds.insert(Pipe[1]);
+ +   Child = ExecFork(keep_fds);
+ +   if(Child < 0)
+ +      return _error->Errno("fork", "Failed to fork");
+ +   if(Child == 0)
+ +   {
+ +      if(Mode == FileFd::ReadOnly)
+ +      {
+ +         close(Pipe[0]);
+ +         fd = Pipe[1];
+ +      }
+ +      else if(Mode == FileFd::WriteOnly)
+ +      {
+ +         close(Pipe[1]);
+ +         fd = Pipe[0];
+ +      }
+ +
+ +      if(Mode == FileFd::ReadOnly)
+ +      {
+ +         dup2(fd, 1);
+ +         dup2(fd, 2);
+ +      } else if(Mode == FileFd::WriteOnly)
+ +         dup2(fd, 0);
+ +
+ +      execv(Args[0], (char**)Args);
+ +      _exit(100);
+ +   }
+ +   if(Mode == FileFd::ReadOnly)
+ +   {
+ +      close(Pipe[1]);
+ +      fd = Pipe[0];
+ +   } else if(Mode == FileFd::WriteOnly)
+ +   {
+ +      close(Pipe[0]);
+ +      fd = Pipe[1];
+ +   }
+ +   Fd.OpenDescriptor(fd, Mode, FileFd::None, true);
+ +
+ +   return true;
+ +}
++
+ bool DropPrivs()
+ {
+    if (getuid() != 0)
+       return true;
+ 
+    const std::string nobody = _config->Find("APT::User::Nobody", "nobody");
+    struct passwd *pw = getpwnam(nobody.c_str());
+    if (pw == NULL)
+       return _error->Warning("No user %s, can not drop rights", nobody.c_str());
+    if (setgid(pw->pw_gid) != 0)
+       return _error->Errno("setgid", "Failed to setgid");
+    if (setuid(pw->pw_uid) != 0)
+       return _error->Errno("setuid", "Failed to setuid");
++
+    return true;
+ }
diff --cc apt-pkg/contrib/fileutl.h

index 0b4d9488519bf5c855fd479483c2d0a65e3bbde5,683c04157b473f4347669a061e75e25cef635a09..e04f75e2aed57eea283c1aad26c82b1887a0bfdf
--- 1/apt-pkg/contrib/fileutl.h
--- 2/apt-pkg/contrib/fileutl.h
+++ b/apt-pkg/contrib/fileutl.h
@@@ -193,9 -191,9 +193,13 @@@ pid_t ExecFork(std::set<int> keep_fds)
   void MergeKeepFdsFromConfiguration(std::set<int> &keep_fds);
   bool ExecWait(pid_t Pid,const char *Name,bool Reap = false);
   
++
+ +// check if the given file starts with a PGP cleartext signature
+ +bool StartsWithGPGClearTextSignature(std::string const &FileName);
+ +
+ // process releated
+ bool DropPrivs();
+ 
   // File string manipulators
   std::string flNotDir(std::string File);
   std::string flNotFile(std::string File);
author	Michael Vogt <mvo@debian.org>
	Wed, 18 Jun 2014 08:47:19 +0000 (10:47 +0200)
committer	Michael Vogt <mvo@debian.org>
	Wed, 18 Jun 2014 08:47:57 +0000 (10:47 +0200)
		1	2
apt-pkg/contrib/fileutl.cc	patch \|	diff1 \|	diff2 \|	blob \| history
apt-pkg/contrib/fileutl.h	patch \|	diff1 \|	diff2 \|	blob \| history