reset HOME, USER(NAME), TMPDIR & SHELL in DropPrivileges
authorDavid Kalnischkies <david@kalnischkies.de>
Wed, 9 Nov 2016 18:15:01 +0000 (19:15 +0100)
committerDavid Kalnischkies <david@kalnischkies.de>
Wed, 9 Nov 2016 18:33:33 +0000 (19:33 +0100)
We can't cleanup the environment like e.g. sudo would do as you usually
want the environment to "leak" into these helpers, but some variables
like HOME should really not still have the value of the root user – it
could confuse the helpers (USER) and HOME isn't accessible anyhow.

Closes: 842877
apt-pkg/contrib/fileutl.cc
debian/tests/run-tests
test/integration/framework
test/integration/skip-apt-dropprivs [new file with mode: 0755]
test/interactive-helper/CMakeLists.txt
test/interactive-helper/aptdropprivs.cc [new file with mode: 0644]

index 6c43bed90a580224b8058d37088c1a727a88cfc5..d52e9b3602c66fd79805c820cc09ac2f12d511b6 100644 (file)
@@ -3051,6 +3051,26 @@ bool DropPrivileges()                                                    /*{{{*/
         return _error->Error("Could restore a uid to root, privilege dropping did not work");
    }
 
+   if (_config->FindB("APT::Sandbox::ResetEnvironment", true))
+   {
+      setenv("HOME", pw->pw_dir, 1);
+      setenv("USER", pw->pw_name, 1);
+      setenv("USERNAME", pw->pw_name, 1);
+      setenv("LOGNAME", pw->pw_name, 1);
+      auto const shell = flNotDir(pw->pw_shell);
+      if (shell == "false" || shell == "nologin")
+        setenv("SHELL", "/bin/sh", 1);
+      else
+        setenv("SHELL", pw->pw_shell, 1);
+      auto const tmpdir = getenv("TMPDIR");
+      if (tmpdir != nullptr)
+      {
+        auto const ourtmpdir = GetTempDir();
+        if (ourtmpdir != tmpdir)
+           setenv("TMPDIR", ourtmpdir.c_str(), 1);
+      }
+   }
+
    return true;
 }
                                                                        /*}}}*/
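Review bot: The `setenv` calls at the top of the new block return an int that is never checked, so an ENOMEM failure would leave the helper running with root's HOME/USER while DropPrivileges still reports success; the results should at least be aggregated and turned into `return _error->Errno("setenv", "Could not reset the environment for the sandbox user");`, matching the error path visible on the context line above. The SHELL fallback also misses the case passwd(5) allows of an empty pw_shell (meaning the default shell): `flNotDir("")` is neither "false" nor "nologin", so SHELL would be set to the empty string — `if (shell.empty() || shell == "false" || shell == "nologin")` covers it. DropPrivileges begins before this hunk, so the origin of `pw` is not visible here; I am assuming it is the passwd lookup for APT::Sandbox::User and is already known to be non-null at this point.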
index 277594108a3559b3508881fd384154b2de051690..495f7edff462e2f707dfd337c20d8b050dfce598 100644 (file)
@@ -13,7 +13,7 @@ make -C build/test/interactive-helper
 # the host env does not pollute our environment
 env -i \
 APT_INTEGRATION_TESTS_SOURCE_DIR=$(pwd) \
-APT_INTEGRATION_TESTS_WEBSERVER_BIN_DIR=$(pwd)/build/test/interactive-helper \
+APT_INTEGRATION_TESTS_HELPERS_BIN_DIR=$(pwd)/build/test/interactive-helper \
 APT_INTEGRATION_TESTS_METHODS_DIR=/usr/lib/apt/methods \
 APT_INTEGRATION_TESTS_LIBEXEC_DIR=/usr/lib/apt/ \
 APT_INTEGRATION_TESTS_INTERNAL_SOLVER=/usr/lib/apt/solvers/apt \
index d5b68da84bad47c20c2140f2b911ec4db52c0af8..03633f28ad91396e30bcb202b1d63ff4d51f6bc8 100644 (file)
@@ -190,7 +190,7 @@ aptmark() { runapt apt-mark "$@"; }
 aptsortpkgs() { runapt apt-sortpkgs "$@"; }
 apt() { runapt apt "$@"; }
 apthelper() { runapt "${APTHELPERBINDIR}/apt-helper" "$@"; }
-aptwebserver() { runapt "${APTWEBSERVERBINDIR}/aptwebserver" "$@"; }
+aptwebserver() { runapt "${APTTESTHELPERSBINDIR}/aptwebserver" "$@"; }
 aptitude() { runapt aptitude "$@"; }
 aptextracttemplates() { runapt apt-extracttemplates "$@"; }
 aptinternalsolver() { runapt "${APTINTERNALSOLVER}" "$@"; }
@@ -331,7 +331,7 @@ setupenvironment() {
        LIBRARYPATH="${APT_INTEGRATION_TESTS_LIBRARY_PATH:-"${BUILDDIRECTORY}/../apt-pkg"}"
         METHODSDIR="${APT_INTEGRATION_TESTS_METHODS_DIR:-"${BUILDDIRECTORY}/../methods"}"
         APTHELPERBINDIR="${APT_INTEGRATION_TESTS_LIBEXEC_DIR:-"${BUILDDIRECTORY}"}"
-        APTWEBSERVERBINDIR="${APT_INTEGRATION_TESTS_WEBSERVER_BIN_DIR:-"${BUILDDIRECTORY}/../test/interactive-helper"}"
+        APTTESTHELPERSBINDIR="${APT_INTEGRATION_TESTS_HELPERS_BIN_DIR:-"${BUILDDIRECTORY}/../test/interactive-helper"}"
         APTFTPARCHIVEBINDIR="${APT_INTEGRATION_TESTS_FTPARCHIVE_BIN_DIR:-"${BUILDDIRECTORY}/../ftparchive"}"
         APTINTERNALSOLVER="${APT_INTEGRATION_TESTS_INTERNAL_SOLVER:-"${BUILDDIRECTORY}/solvers/apt"}"
        APTDUMPSOLVER="${APT_INTEGRATION_TESTS_DUMP_SOLVER:-"${BUILDDIRECTORY}/solvers/dump"}"
@@ -1296,7 +1296,7 @@ changetowebserver() {
        else
                shift
        fi
-       if test -x "${APTWEBSERVERBINDIR}/aptwebserver"; then
+       if test -x "${APTTESTHELPERSBINDIR}/aptwebserver"; then
                cd aptarchive
                local LOG="webserver.log"
                if ! aptwebserver --port 0 -o aptwebserver::fork=1 -o aptwebserver::portfile='aptwebserver.port' "$@" >$LOG 2>&1 ; then
diff --git a/test/integration/skip-apt-dropprivs b/test/integration/skip-apt-dropprivs
new file mode 100755 (executable)
index 0000000..e0dd741
--- /dev/null
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -e
+
+TESTDIR="$(readlink -f "$(dirname "$0")")"
+. "$TESTDIR/framework"
+
+setupenvironment
+configarchitecture 'amd64'
+
+aptdropprivs() { runapt "${APTTESTHELPERSBINDIR}/aptdropprivs" "$@"; }
+
+testsuccess aptdropprivs -- /bin/true
+testsuccess aptdropprivs --user "$USER" -- /bin/true
+testsuccess aptdropprivs --user 'nobody' -- /bin/true
+testsuccess aptdropprivs --user '_apt' -- /bin/true
+
+IDBIN='/usr/bin/id'
+testsuccessequal "$("$IDBIN")" aptdropprivs --user "$USER" -- "$IDBIN"
+
+SUDOBIN='/usr/bin/sudo'
+testequal "sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?" aptdropprivs --user 'nobody' -- "$SUDOBIN" "$IDBIN"
+
+if [ "$(id -u)" = '0' ]; then
+       testsuccessequal '_apt' aptdropprivs --user '_apt' -- "$IDBIN" '-un'
+       testsuccess aptdropprivs --user '_apt' -- '/bin/sh' '-c' 'export'
+       cp rootdir/tmp/testsuccess.output apt.env
+       testsuccessequal "export HOME='/nonexistent'" grep '^export HOME' apt.env
+       testsuccessequal "export USER='_apt'
+export USERNAME='_apt'" grep '^export USER' apt.env
+       testsuccessequal "export LOGNAME='_apt'" grep '^export LOGNAME' apt.env
+       testsuccessequal "export SHELL='/bin/sh'" grep '^export SHELL=' apt.env
+fi
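Review bot: `testsuccess aptdropprivs --user "$USER" -- /bin/true` near the top of the new script depends on `$USER` being exported, which is not guaranteed if the script is ever run through debian/tests/run-tests, since that harness starts the framework under `env -i` and does not set USER; `--user "$(id -un)"` on that line and on the `testsuccessequal "$("$IDBIN")"` line pins the intended user regardless of the environment. The expected text on the `SUDOBIN` line is a verbatim copy of one sudo version's diagnostic, so the assertion breaks on any wording change; checking only the `sudo: effective uid is not 0` prefix would be more robust. `IDBIN` and `SUDOBIN` are also used without a `test -x` guard, so a system without sudo installed fails the test instead of skipping the sudo case.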
index 423fa30e62450709eb8c4938fe256e53c00cdf33..5a32ca17e741a6f953d70308dcdb55549d0c994d 100644 (file)
@@ -6,6 +6,8 @@ add_executable(extract-control extract-control.cc)
 target_link_libraries(extract-control apt-pkg apt-inst)
 add_executable(aptwebserver aptwebserver.cc)
 target_link_libraries(aptwebserver apt-pkg  ${CMAKE_THREAD_LIBS_INIT})
+add_executable(aptdropprivs aptdropprivs.cc)
+target_link_libraries(aptdropprivs apt-pkg)
 add_executable(test_fileutl test_fileutl.cc)
 target_link_libraries(test_fileutl apt-pkg)
 
diff --git a/test/interactive-helper/aptdropprivs.cc b/test/interactive-helper/aptdropprivs.cc
new file mode 100644 (file)
index 0000000..1cc04f3
--- /dev/null
@@ -0,0 +1,27 @@
+#include <config.h>
+
+#include <apt-pkg/cmndline.h>
+#include <apt-pkg/configuration.h>
+#include <apt-pkg/error.h>
+#include <apt-pkg/fileutl.h>
+
+#include <unistd.h>
+
+int main(int const argc, const char * argv[])
+{
+   CommandLine::Args Args[] = {
+      {'c',"config-file",0,CommandLine::ConfigFile},
+      {'o',"option",0,CommandLine::ArbItem},
+      {0, "user", "APT::Sandbox::User", CommandLine::HasArg},
+      {0,0,0,0}
+   };
+
+   CommandLine CmdL(Args, _config);
+   if(CmdL.Parse(argc,argv) == false || DropPrivileges() == false)
+   {
+      _error->DumpErrors(std::cerr, GlobalError::DEBUG);
+      return 42;
+   }
+
+   return execv(CmdL.FileList[0], const_cast<char**>(CmdL.FileList));
+}
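Review bot: `execv(CmdL.FileList[0], ...)` on the last line is reached even when no command follows `--`, in which case `CmdL.FileList[0]` is a null pointer and execv is handed a null path; the helper should reject an empty file list before the exec. When execv does fail it returns -1, which here becomes the process exit status with errno never reported, so a missing or non-executable target is indistinguishable from other failures; report it through `_error->Errno` and dump errors the same way the parse branch does. `std::cerr` is also used without an explicit `#include <iostream>`, so the file currently relies on a transitive include from the apt-pkg headers.
```cpp
   // … unchanged: Args table, CmdL.Parse / DropPrivileges error path …
   if (CmdL.FileList[0] == nullptr)
   {
      _error->Error("No command given to execute after --");
      _error->DumpErrors(std::cerr, GlobalError::DEBUG);
      return 42;
   }

   execv(CmdL.FileList[0], const_cast<char**>(CmdL.FileList));
   // only reached when execv failed; report errno instead of returning -1
   _error->Errno("execv", "Executing %s failed", CmdL.FileList[0]);
   _error->DumpErrors(std::cerr, GlobalError::DEBUG);
   return 42;
```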