DropPrivs in the solvers (just to be on the safe side)

author Michael Vogt <mvo@debian.org>

Wed, 11 Jun 2014 13:31:38 +0000 (15:31 +0200)

committer Michael Vogt <mvo@debian.org>

Wed, 11 Jun 2014 13:31:38 +0000 (15:31 +0200)
author Michael Vogt <mvo@debian.org>
Wed, 11 Jun 2014 13:31:38 +0000 (15:31 +0200)
committer Michael Vogt <mvo@debian.org>
Wed, 11 Jun 2014 13:31:38 +0000 (15:31 +0200)
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc

index 1ba4674e583194155be2477097188fff8775e19f..da81edbcc9e54413eec1722dc993dd2f153681ae 100644 (file)
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -47,6 +47,7 @@
  #include <signal.h>
  #include <errno.h>
  #include <glob.h>
+#include <pwd.h>
  
  #include <set>
  #include <algorithm>
@@ -2050,3 +2051,19 @@ bool Rename(std::string From, std::string To)
     }   
     return true;
  }
+
+bool DropPrivs()
+{
+   if (getuid() != 0)
+      return true;
+
+   const std::string nobody = _config->Find("APT::User::Nobody", "nobody");
+   struct passwd *pw = getpwnam(nobody.c_str());
+   if (pw == NULL)
+      return _error->Warning("No user %s, can not drop rights", nobody.c_str());
+   if (setgid(pw->pw_gid) != 0)
+      return _error->Errno("setgid", "Failed to setgid");
+   if (setuid(pw->pw_uid) != 0)
+      return _error->Errno("setuid", "Failed to setuid");
+   return true;
+}
diff --git a/apt-pkg/contrib/fileutl.h b/apt-pkg/contrib/fileutl.h

index cc1a98eae02c227b47962dff72421baf0e3f5e6d..683c04157b473f4347669a061e75e25cef635a09 100644 (file)
--- a/apt-pkg/contrib/fileutl.h
+++ b/apt-pkg/contrib/fileutl.h
@@ -191,6 +191,9 @@ pid_t ExecFork(std::set<int> keep_fds);
  void MergeKeepFdsFromConfiguration(std::set<int> &keep_fds);
  bool ExecWait(pid_t Pid,const char *Name,bool Reap = false);
  
+// process releated
+bool DropPrivs();
+
  // File string manipulators
  std::string flNotDir(std::string File);
  std::string flNotFile(std::string File);
diff --git a/cmdline/apt-dump-solver.cc b/cmdline/apt-dump-solver.cc

index 04e13bde902decdb722e6f7826853fd1c38e3ed5..424764b3c35c5461e9ec3f8bf963f3a91480b0b6 100644 (file)
--- a/cmdline/apt-dump-solver.cc
+++ b/cmdline/apt-dump-solver.cc
@@ -40,6 +40,8 @@ int main(int argc,const char *argv[])                                 /*{{{*/
                 ShowHelp();
                 return 0;
         }
+        // we really don't need anything
+        DropPrivs();
  
         FILE* input = fdopen(STDIN_FILENO, "r");
         FILE* output = fopen("/tmp/dump.edsp", "w");
diff --git a/cmdline/apt-internal-solver.cc b/cmdline/apt-internal-solver.cc

index e4cdf63813ac241f24f3e81961c4eca7d1b02c9a..0cac12da23455d7b184a2bf04370a227b325df96 100644 (file)
--- a/cmdline/apt-internal-solver.cc
+++ b/cmdline/apt-internal-solver.cc
@@ -74,6 +74,9 @@ int main(int argc,const char *argv[])                                 /*{{{*/
                 {'o',"option",0,CommandLine::ArbItem},
                 {0,0,0,0}};
  
+        // we really don't need anything
+        DropPrivs();
+
         CommandLine CmdL(Args,_config);
         if (pkgInitConfig(*_config) == false ||
             CmdL.Parse(argc,argv) == false) {
author	Michael Vogt <mvo@debian.org>
	Wed, 11 Jun 2014 13:31:38 +0000 (15:31 +0200)
committer	Michael Vogt <mvo@debian.org>
	Wed, 11 Jun 2014 13:31:38 +0000 (15:31 +0200)
apt-pkg/contrib/fileutl.cc		patch \| blob \| blame \| history
apt-pkg/contrib/fileutl.h		patch \| blob \| blame \| history
cmdline/apt-dump-solver.cc		patch \| blob \| blame \| history
cmdline/apt-internal-solver.cc		patch \| blob \| blame \| history